Forgot your password?
typodupeerror
Privacy Businesses Communications Security IT

US Firms Read Employee E-mail On a Massive Scale 263

Posted by timothy
from the this-call-may-be-monitored dept.
An anonymous reader writes "In its fifth annual study of outbound e-mail and data loss prevention issues, Proofpoint found that 41% of the largest companies surveyed (those with 20,000 or more employees) reported that they employ staff to read or otherwise analyze the contents of outbound e-mail. 22% of these companies said they employ staff primarily or exclusively for this purpose."
This discussion has been archived. No new comments can be posted.

US Firms Read Employee E-mail On a Massive Scale

Comments Filter:
  • by Unique2 (325687) on Thursday May 22, 2008 @09:15AM (#23504022)
    I also monitor your web traffic, now get back to work!
    • by Kamokazi (1080091)
      And I use Ideal Admin to silent-instll VNC and watch every move you make.
      • GenControl doesn't need any remote installation, just to be in the admin group on the machine.
    • Re:Get back to work! (Score:5, Interesting)

      by Lumpy (12016) on Thursday May 22, 2008 @10:11AM (#23504760) Homepage
      Yup. I stopped "special" surfing at the office when I put a linux box on a hub between the network internet router and the switches. I simply sniffed all traffic for image files and displayed it on a 42" LCD out in the sales area.

      Images were displayed of what people were surfing. I also attached the ip address of the user to the image.

      It stopped inappropriate internet surfing in that office in 3 days.

      When everyone can wee what you are doing, you get back to real work.

      • by Profane MuthaFucka (574406) <busheatskok@gmail.com> on Thursday May 22, 2008 @10:19AM (#23504856) Homepage Journal
        You wouldn't catch me surfing and getting my images up on that screen. I'd be out there watching that screen all day long. Seldom is there a really cool idea posted on Slashdot, but that's definitely cool.
      • Wow, the Slashdot logo would be up all the time in this office.
      • Re: (Score:3, Insightful)

        by TheSpoom (715771) *
        And I'd totally have left to go to an office that cares about productivity and not how or when their developers are working.

        Also, Tor and/or encryption.
      • Re: (Score:2, Insightful)

        by Anonymous Coward
        What I still don't get is why things like web surfing etc. are necessarily always seen as bad by companies. I mean... sure, if you're a grunt who gets paid to mop floors or so, your employer won't want you to do anything else on company time; but if you're an engineer, a programmer, a designer or so, someone who's paid to THINK, then it really should be obvious that keeping you happy and motivated is the way to go.

        And that's doubly true given that you can't force people to be creative - if they're burnt out
        • by AHumbleOpinion (546848) on Thursday May 22, 2008 @12:06PM (#23506628) Homepage
          What I still don't get is why things like web surfing etc. are necessarily always seen as bad by companies.

          Note that the original poster wrote 'I stopped "special" surfing at the office'. There is a pretty high probability that this is referring to porn. Tolerating employees visiting porn sites is one way a company can get sued. Of course while the solution described in this article is cool and amusing, it is probably another way to get a company sued.

          Ever wonder why Google is so successful? ...

          Inertia mostly. They had a brilliant idea a while ago and have refined it since then to maintain competitiveness. Google has done many cool things since then but they are mostly a drain on success or neutral, some mild successes, but no big successes outside the original domain. Also, it is doubtful Google allows employees to browse porn sites either. With their deep pockets their fears regarding law suits are going to be pretty high.

          ... Here's a hint: corporate culture and motivation

          Clue: "Law of Small Numbers", http://en.wikipedia.org/wiki/Hasty_generalization [wikipedia.org]. :-) Google pretty much has a dot bomb culture. I think the spectacular success of one instance of a dot bomb culture is distracting you from the many failures. It is premature to say that Google's success is due to anything beyond a brilliant idea at the right time combined with rich angel investors. Their initial success and its continued dividends allows them to afford many inefficiencies, perhaps many elements of their cultures fit into this area. Keep in mind that success can hide inefficiency and that the true causes of success are sometimes erroneously attributed.

          Now at least one element of Google culture, allowing employees the time to work on pet projects that many benefit the company, may have a proven track record. 3M allowed this for decades and many useful products emerged. Google may follow 3M's lead, but it is a little early to pass judgement.
      • Re:Get back to work! (Score:4, Informative)

        by tyrione (134248) on Thursday May 22, 2008 @01:44PM (#23508256) Homepage

        Yup. I stopped "special" surfing at the office when I put a linux box on a hub between the network internet router and the switches. I simply sniffed all traffic for image files and displayed it on a 42" LCD out in the sales area. Images were displayed of what people were surfing. I also attached the ip address of the user to the image. It stopped inappropriate internet surfing in that office in 3 days. When everyone can wee what you are doing, you get back to real work.

        Yet, I don't know who has managed to slit my tires consistently for the past 3 years since I started this approach. Also, since I never get asked to company socials I've got more free time to think of even more creative ways to piss off my fellow staff members.

        Of course this all could be solved if we worked in a business that required actually creating/inventing products instead of managing peoples services.

  • by Lord Grey (463613) * on Thursday May 22, 2008 @09:16AM (#23504042)
    From ProofPoint's products page [proofpoint.com]:

    Proofpoint's unified email security and data loss prevention solutions provide complete protection against both inbound and outbound messaging threats. Learn more by exploring the Proofpoint Platforms and Modular Defenses links, below. Proofpoint solutions:
    • Defend against inbound threats such as spam, viruses and denial-of-service attacks
    • Prevent leaks of confidential or private information with robust, easy-to-use data loss prevention features
    • Encrypt sensitive information, based on customizable email security policies
    • Analyze messaging infrastructures and implement data loss prevention policies immediately
    • Are available in multiple deployment platforms including hardware appliances, anti-spam virtual appliances, software and on-demand service

    It may be just me, but I get really suspicious when a company in any business sponsors a survey and then uses the results to justify their own existence.
    • by gnutoo (1154137) *

      All this does is prove that you can't trust people who work at big dumb companies. They can't tell you what they really think by email, so you have to assume they are lying to you. It's amazing that 41% of these companies admitted to the practice after the whole HP scandal.

      • by maxume (22995) on Thursday May 22, 2008 @09:31AM (#23504228)
        The shadiest thing they could possibly do is to monitor your email and not disclose it.

        If they are disclosing that they monitor your use of their resources, you can choose if you are willing to put up with it or not.
      • All this does is prove that you can't trust people who work at big dumb companies. They can't tell you what they really think by email, so you have to assume they are lying to you. It's amazing that 41% of these companies admitted to the practice after the whole HP scandal.

        Fb whfg ebg13-rapbqr rirelguvat.
  • by Reality Master 201 (578873) on Thursday May 22, 2008 @09:17AM (#23504052) Journal
    Particularly for the Slashdot crowd? Hell, a portion of the readership is probably responsible for helping to implement such measures.

    Don't use your work email for personal stuff. It was never a good idea, and it's becoming ever less of a good idea. Don't say anything in an email that you wouldn't say in person or in writing. Be professional.

    Also, don't forward chain letters, don't send around forwards of kitten pictures, pr0n, jokes, political screeds, etc. etc. Most people don't want to get it and you're wasting bandwidth.
    • by thermian (1267986) on Thursday May 22, 2008 @09:37AM (#23504302)
      having seen the amount of crap that gets sent around work email when it's not monitored, I can see the purpose of checking the email of employees.
      Personal emails should only ever be sent from personal email accounts. That's just common sense.

      After all, how dumb is it to put personal information into a system that is likely to see it archived for years in a system you are unlikely to have any control over.

      Work email should be just for that, work. Just saying that won't work though, people, especially people who use computers, act with some kind of weird collective stupidity at times that can cause even the most sensible people to do and say things they would never do otherwise.

      Better to monitor and make sure everyone follows the rules then have an email from your company showing up on the Internet saying something you would never condone.

      Before any 'ooh, I've read 1984 so I am an expert on surveillance societies' morons chip in, I'm talking about the cold hard reality of business here. One wrong word can send stock prices through the floor.
      • Re: (Score:2, Informative)

        by murraj2 (987249)
        This really depends on the company you work for. Many companies block all e-mailing, or in some industries such as Banking, it's mandated by law.

        The key thing is to get your work done and don't send stupid shit like the Paris Hilton video via e-mail. Most companies accept e-mail as a communication tool, and don't have a problem with you sending an e-mail that says "I'm working til 6, let's meet at 6:30 at XYZ restaurant for dinner." What they're monitoring is inter-office relationships, confidential informa
    • by stoolpigeon (454276) * <bittercode@gmail> on Thursday May 22, 2008 @09:39AM (#23504322) Homepage Journal
      I wrote the code that went through the emails from a small company where I was employed. While I was writing and testing the system, I ended up reading a lot of email.
       
      I was shocked at what I saw. People shopping around their resume, looking for new jobs. People emailing people who they were involved with in an extra-marital affair. And lots of the other junk you mention. And this was primarily involving execs.
    • Re: (Score:2, Interesting)

      Particularly for the Slashdot crowd? Hell, a portion of the readership is probably responsible for helping to implement such measures.

      Guilty as charged.

      On the whole good advice. In my experience most large companies use data loss prevention (DLP) products chiefly to monitor for personally identifiable information (PII) such as SSNs, credit card numbers, drivers license number, bank account numbers, etc. If your email doesn't contain a recognizable piece of PII, it generally does not get logged. DLP products certainly can be used to monitor "Acceptable Use" violations, but most companies I've seen would rather stick their heads in

    • by PMuse (320639)

      Also, don't forward chain letters, don't send around forwards of kitten pictures, pr0n, jokes, political screeds, etc. etc. Most people don't want to get it and you're wasting bandwidth.

      The time has come for us to stop using the 'wasting bandwidth' argument against users forwarding crap. The bandwidth of our systems now comfortably handles so much data (spam, heavy attachments, etc.) that nothing individual users have time to do (without automation or looping, at least) can amount to even a drop in the bucket.

      Even the simpering idiot who routinely forwards kitten videos to hundred-person lists has difficulty causing real bandwidth trouble. Label that user as 'mostly harmless' and don't

      • The time has come for us to stop using the 'wasting bandwidth' argument against users forwarding crap. The bandwidth of our systems now comfortably handles so much data (spam, heavy attachments, etc.) that nothing individual users have time to do (without automation or looping, at least) can amount to even a drop in the bucket.

        I don't know about bandwidth, but in my office, we're often asked to archive our email because we're running out of space on the Rackspace server.

        Seems like that would happen a lo

    • by King_TJ (85913) on Thursday May 22, 2008 @11:19AM (#23505798) Journal
      I work in a smaller business (one of those shops where I'm the only only doing both the email administration and pretty much all the other computer-related stuff). What I tend to see is employees *receiving* non work-related material, not so much SENDING it.

      Some employees don't even have a home computer with Internet access, so all their friends start sending their "funny photos", jokes, and so forth to the only contact address they can find for the person - the work email.

      You *could* "blacklist" those people from sending you things, but come on! These are the employee's friends or relatives. They really don't want to block everything they might send them, because sometimes it's relevant or useful.
  • Your rights? (Score:3, Insightful)

    by qoncept (599709) on Thursday May 22, 2008 @09:18AM (#23504066) Homepage
    I hope people realize this is evidence of how reasonable it is for a company do monitor your e-mail rather than acting like they are being violated. You can't chat online with babes all day.
    • Re:Your rights? (Score:5, Insightful)

      by Hankapobe (1290722) on Thursday May 22, 2008 @09:38AM (#23504304)

      I hope people realize this is evidence of how reasonable it is for a company do monitor your e-mail rather than acting like they are being violated. You can't chat online with babes all day.

      I agree with you. Also, it doesn't even have to be like that.

      I see it like writing a letter and using company letterhead - only it's a domain for email. Your correspondence can imply that it's part of the business of the company you're sending it from. Now, I know someone is going to write, "So, if I send an email from my Yahoo! mail account it implies that I'm doing Yahoo! business?!"

      No. That's not what I'm saying. If I'm at my place of employment and send an email to someone that may be inflammatory, offensive, threatening, or whatever, someone can come back and say, "Hey, what's this? Someone at XYZ Inc. is threatening folks?!?"

      • Re:Your rights? (Score:4, Insightful)

        by Belial6 (794905) on Thursday May 22, 2008 @10:33AM (#23505052)
        That is the first good excuse I have heard for monitoring company email. Of course, if the company doesn't have a similar policy about use of company letterhead, then the reason doesn't fly. My problem with these things is that different rules are applied when its "on a computer".

        The company can solve this problem by making sure that it doesn't block web mail sites. After all, the problem is the domain name right?
  • by InlawBiker (1124825) on Thursday May 22, 2008 @09:18AM (#23504068)
    Where I'm at I'm lucky if I can get anybody at all to read my email. Especially my boss.
  • T-shirts (Score:2, Funny)

    by outlando (1198685)
    Wow. So those 'I read your email' T-shirts are for real then.
  • by PC and Sony Fanboy (1248258) on Thursday May 22, 2008 @09:20AM (#23504104) Journal
    I had a boss who told us when we started that everything we did at work would be monitored.

    I didn't realize the extent of their monitoring! In the contract, it simply said 'all available facilities will be used to monitor employees while working'. I figured they'd check my email once in a while. They read emails, login/logout times, tracked employee positions (cameras in the office! A friend of mine was fired for taking breaks, when he went into his 'final' meeting, they showed him a time lapsed video of himself!) and recorded phone calls.

    All this would come up only when they had a problem with your work - If you produced results, they didn't care what you did otherwise, but if you weren't getting sales, they found some other reason why you were doing poorly...

    I spent 2 weeks skipping breaks and working through lunch trying to get a big (BIG!) contract and I was asked by my manager to do try to get this contract. I spent the rest of my time trying to make some money in the meantime... and I was brought into the office one day and they presented me with the emails I'd sent to my wife during those two weeks and told me that I was wasting company time. I told them they needed to look at the cameras to see I never left my desk, and to check the phone tapes for the last week to see that I was working hard. Turns out they only saved the conversations for a day or two...

    I never got 'disciplined' for poor results after that.
    • by Reality Master 201 (578873) on Thursday May 22, 2008 @09:25AM (#23504160) Journal
      And how long did you stay there? If it was more than 2 weeks past however long it took to find another job, you're a sucker. No offense, but that's some super-duper bullshit treatment.
      • by BVis (267028) on Thursday May 22, 2008 @09:55AM (#23504526)
        What makes you think the next place will be any better? So long as this sort of thing is legal/unregulated, you can assume every employer will do this in the name of productivity/competitiveness/because they can. If you're lucky you'll find a company that understands how treating your employees like human beings until it's proven that they're causing a problem is better than automatically assuming everyone is a lazy lying scumbag.

        I also have to point out that the people who do actual work are the ones impacted by this sort of bullshit. Executives don't get disciplined/fired for sending a three-line email to their spouses unless one of the other executives wants them gone for some reason.
        • So long as this sort of thing is legal/unregulated, you can assume every employer will do this in the name of productivity/competitiveness/because they can.

          Would you not do such monitoring if you had a babysitter or any other house help? Do you want it illegalized/regulated? Oh, maybe, not you personally, but would you consider it unreasonable? Surveillance camera-systems are hot items at the electronics stores with multiple systems available from different vendors (most hubs run Linux, BTW)...

          Point is,

          • by King_TJ (85913)
            I agree... Like SO often happens, people dislike a decision someone else makes, so they scream "There oughta be a law!!"

            On the other hand, people ALSO need to get a firm grasp of the idea that things don't HAVE to be "law" to be good decisions, or the "best" way to handle situations.

            I wouldn't want to see legal regulation preventing me from operating cameras in my own home, for example. Yet, on principle, I never have installed a monitoring system at home to keep an eye on sitters or cleaning people.

            Inste
        • by sjbe (173966) on Thursday May 22, 2008 @10:10AM (#23504748)

          What makes you think the next place will be any better?
          Might not be but neither I nor anyone I know works for a company *that* intrusive. Seriously, why would anyone put up with that unless your employer was the Marine Corps? I don't have a problem with companies wanting work resources to be used for work. Heck I've insisted on it in companies I owned. But there has to be a standard of reasonableness.

          I always told my employees that as long as they got their work done with good quality and on time, we would get along just fine. If they abused that trust they might get a warning but only once. And you know what? It worked. I've had very little turnover and high morale and my employees really worked hard. Sending a few innocuous emails to a significant other doesn't qualify as a breach of trust. Looking at porn in the workplace would be a firing offense. It's really all about what is reasonable.
          • by BVis (267028)

            Seriously, why would anyone put up with that unless your employer was the Marine Corps?
            Because the employer/employee relationship isn't equitable. It boils down to "We have money, you don't. We make the rules, if you don't like them, no money for you."
            • by Abcd1234 (188840) on Thursday May 22, 2008 @10:36AM (#23505112) Homepage
              That's only true in a non-competitive labour market. Any high-skill area where there is a reasonable level of competition, people will simply move to another company where they'll get treated better.

              What does this mean for employees? Develop expertise. If your skills are in reasonably high demand, and you can't be easily replaced, the power weighs heavily on the side of the employee.
            • by sjbe (173966) on Thursday May 22, 2008 @10:41AM (#23505214)

              Because the employer/employee relationship isn't equitable. It boils down to "We have money, you don't. We make the rules, if you don't like them, no money for you."
              You are familiar with the term "at will employment"? You do realize that the terms of many/most jobs are significantly negotiable? You do realize that there are a huge number of companies out there and you can choose which one to work for? It's not nearly so unbalanced as it might appear at first glance.

              The employer/employee relationship is not equitable only if you let it be that way. They need something done and are offering you compensation to do it. That's a fair trade. If the company is not offering fair compensation in reasonable working conditions then don't take the job. Yes, sometimes you'll run into some assclown running the show. Move on as soon as circumstances allow. It's a big world and life is too short to spend it working for jerks.
              • by BVis (267028)

                You are familiar with the term "at will employment"?

                Yes, much more intimately than I'd like to be. (I've actually been told "We don't have to tell you why" when being terminated.) "At will" basically means "The only right you have is to quit."

                You do realize that the terms of many/most jobs are significantly negotiable?

                That might (or might not, IMHO) be true, but my bank won't negotiated with me regarding paying my mortgage if I don't have money.

                You do realize that there are a huge number of companies out

                • Re: (Score:3, Insightful)

                  by element-o.p. (939033)
                  You are choosing to be a victim. Don't get me wrong -- I'm not blaming you. I was in a similar position once. However, I learned from that experience, and I will never be bullied by an employer again. Ever.

                  In that job, the owner was easily the most arrogant, foul-mouthed jerk I have ever met in my life, with the possible exception of his father, who showed up around the office from time to time. During my tenure there, I watched at least two other employees get fired because the owner found out they
        • What makes you think the next place will be any better?

          There are *gasp* actually companies that are employee-oriented.

          Really.

          You can find them in the list of "top companies to work for" regularly published by this publication and that.

          C//
          • by BVis (267028)

            There are *gasp* actually companies that are employee-oriented.
            Unfortunately, the odds are very long that any given job hunter will actually get an offer from one of those companies. Most of us end up working for Dewey Screwem and Howe, and have this kind of Big Brother bullshit to deal with.
    • Overzealous much? (Score:2, Insightful)

      by sjbe (173966)

      I was brought into the office one day and they presented me with the emails I'd sent to my wife during those two weeks and told me that I was wasting company time.

      Wow. I'm note sure whether to be impressed at your restraint or appalled. I would have walked out right that second and never looked back, consequences be damned. I'm a little touchy about not working for assholes however.

      Any company that feels the need to monitor their employees that closely without a really compelling need is not going to last long. (I define compelling need as something on the order of national security, building weapons systems, guarding highly valuable financial assets, or similar

  • by Otter (3800) on Thursday May 22, 2008 @09:23AM (#23504126) Journal
    ...staff to read or otherwise analyze...

    I would imagine that that breaks down to 100% running scanners against email and maybe looking at flagged messages and 0% routine reading of email.

    Given the tedium of slogging through just my own email, you couldn't pay me to spend all day doing that for other people.

  • by schnikies79 (788746) on Thursday May 22, 2008 @09:23AM (#23504136)
    problem solved.

    wow, talk about a non-issue.
    • Re: (Score:2, Interesting)

      I've got news for you - ALL of these products that are worth the price they charge also have the option to monitor your web browsing.

      Think you're safe using webmail at work? Not necessarily. Many webmail services only encrypt the login information, not your actual email. And since it is web based, these products can pick up your personal email if you send them over your corporate connection. Heck, even if your choosen webmail service does use SSL for all of your traffic, some of the more advanced pro

    • by autophile (640621)
      Correction: Don't use work computers for anything personal, including using personal email for personal email on work computers. Because believe you me, they don't just monitor the company email servers, they monitor ports 25, 80, 110, and 143. At least.
  • Cool Job!! (Score:4, Funny)

    by benwiggy (1262536) on Thursday May 22, 2008 @09:23AM (#23504138)
    Dear Sir

    I would like to apply for the job of Chief Sneak and Tattle-tale at your company. I believe I have the relevant nosiness, curiousity and contempt for my fellow employees, along with an over-riding ability to toady to management. I also love lauding it over other people that I know their business.
    • Re: (Score:3, Funny)

      by phagstrom (451510)
      Also I want know how the system works, so I can beat it, when I want to send an email. ;-)
    • Re: (Score:3, Funny)

      by Chrisq (894406)
      Just mail it to anyone. They will find you.
  • by Dreadneck (982170) on Thursday May 22, 2008 @09:30AM (#23504226)
    Of course companies are going to monitor information being sent out over their internet connections. They would be crazy not to. Want privacy? Email on your own time and your own dime.
  • How many have to? (Score:5, Informative)

    by Anonymous Coward on Thursday May 22, 2008 @09:33AM (#23504250)
    What they didn't mention in this is how many of the companies with more thank 20,000 are legally *required* to monitor e-mail. In the financial services sector it is very common to have dedicated staff to perform this function. I would have loved to have seen that number but I can understand why they didn't include it in the interest of cramming a few more ads on that page.....
    • Re:How many have to? (Score:5, Informative)

      by JPLemme (106723) on Thursday May 22, 2008 @09:49AM (#23504440)
      For licensed brokers, the SEC requires that a certain percentage (~33%) of all outgoing emails be monitored. I supported the system used at a large financial services firm for just this task, and the people who had to read these emails weren't doing it because they enjoyed invading other people's privacy. Their biggest wish was a spam-filterish tool that would remove all the personal emails so they would only have to read the emails that were pertinent to the business.

      Of course the brokers knew that was the case when they were hired. You can't argue with the SEC.

      I know that there is bad, privacy-invading snooping going on in some firms, but when I see statistics like "41%" I want to know how many were doing it because they had to vs how many were just being creeps.
  • Unless the government is one of the involved firms, you have no expectation of privacy in the job place. This can be easily testified to by looking around and seeing security cameras everywhere in your place of employment.
  • At work it's ok to chat with friends, in moderation, as long at the work gets done.

    Even with that policy though, when I chat with my wife or friends when I'm at work, I use Off The Record to encrypt my conversations.

    It helps that my wife and brother Adium which already had it installed, and that I use a Linux at work which has packages in the repository.

    And when I do send emails from work it's from Gmail, and always with https.

    I figure that the work email is for work stuff, and they can monitor their busine
  • by farrellj (563) * on Thursday May 22, 2008 @09:46AM (#23504416) Homepage Journal
    Some countries, like Canada, treat email like paper mail, and you need a court order to read an employee's email. If you can't trust someone, don't employ them!

    ttyl
              Farrell
    • by linuxbert (78156) on Thursday May 22, 2008 @01:09PM (#23507612) Homepage Journal
      Not true.
      Email is treated like paper mail, however if it is addressed to the company, then they own it. and can read/open and redirect as they see fit.
      The company, or anyone cant read your personal mail, but if it has the companies address on it, it is addressed to them, so they can.
  • by Anonymous Coward on Thursday May 22, 2008 @09:49AM (#23504442)
    Our company has had to set up some email filtering and archiving. Why?

    A receptionist for our company was fired for sending out bulk pornographic email, including video. He has done it for months. He's suing us, because he claims he was fired because he is gay. We only have a few of those emails that he send on backup because our backup only goes so far, will it be enough to not have to pay him big bucks and rehire him?

    An accountant was fired for gross incompetance. She fouled up our main systems, needed her password reset with the Feds at $100 a pop several times a month, etc. Finally, she comes in and demands to work 30 hours but still get 40 hours pay. She was fired after a public tantrum. She is suing us, because she is black and claims racial discrimination. We need a LOT of documentation to back up our claims that she wasn't a good employee, because she can just say we don't have enough black people, and that can be considered proof of discrimination by itself.

    We are heavily regulated about customer information. If someone emails out another persons personal information outside the company, and it makes the news, we all suffer. We have to monitor for that too.

    We have to take preventative measures to block bad language from coming in and going out. We can get sued because an employee called a customer a f*cker in an email, or because someone saw a dirty joke on someone else's screen (sexual harassment).

    Laws were written up to protect the "little guy", so now we have to prove to government agencies that we have made accurate hiring and firing decisions. We have to support our claims, and take preventive action, because there are so many ways that we can get screwed by employees I can't even count them.

    This week we had to let someone go because they came up short by $750. We had two people dedicated to figuring out what happened for two days. We spent a lot on money and time, and we are looking forward to the inevitable lawsuit. We have email to back it all up, and because of procedures we have in place, the emails are professional and straightforward, instead of causal and possibly derogatory. It took us a while to get here, but yes, this is what you asked for. By increasing our risk through lawsuits and regulatory compliance, we have to manage that risk by monitoring our employees.

    Go swear to your friends at home.

    • Re: (Score:3, Insightful)

      by Hoi Polloi (522990)
      Maybe you need to focus on tightening your hiring process.
    • by King_TJ (85913) on Thursday May 22, 2008 @11:37AM (#23506134) Journal
      I agree with much of what you're saying. But I'd also point out that email *filtering* and *archiving* are two vastly different things.

      It seems to me that practically all of the issues you're bringing up could be handled successfully by retaining good email backups, going back for a reasonable length of time?

      Our company doesn't do anything special in the way of attempting to read employee's emails or filter their content. But we DO have backup systems that dump copies of all the mailboxes onto nightly backups, and we keep a couple alternating "month end" tapes, plus a "year end" tape that's archived away.

      This way, if something actually comes up, there's a decent amount of supporting email evidence that can be retrieved for that specific situation.

      Otherwise, employees have a general expectation that nobody's monitoring their daily email correspondence in a "big brother" fashion.
  • ... to be an American. I think you guys gave up way too many rights in the past few years. (This is not meant to be a flaimbait).

    Ok, so under certain circumstances & organizations I agree that having others read your email regularly could be justified, but that would be like 1 out of 1000 companies at most. Also, who's reading the email of the person who reads your emails? Unless you work for the NSA, FBI, etc, this kind of behaviour does not breed positive morale or a relaxed work environment, nevermin
    • Ok, so under certain circumstances & organizations I agree that having others read your email regularly could be justified, but that would be like 1 out of 1000 companies at most.

      I'm not sure have a clue how easy and common it is for companies to get sued. Look, I'm all for reasonableness in monitoring workplace behavior but any company of any size gets sued regularly for all sorts of frivolous reasons. Seriously, there are a LOT of people out there who will lawyer up at the slightest perceived slight. I've witnessed these lawsuits firsthand.

      Want to fire someone? You damn well better have thorough documentation about how they were not a good employee and were breaking company p

    • by jellie (949898)
      It's not exactly that cut-and-dried. In the US, a (private) company can monitor it's email and phones, have cameras set up, and filter web traffic because it's their property.

      I doubt companies actually care about your calls or emails to your wife or daughter. Honestly, imagine how ridiculous it would look if they had to explain to a judge that you always did all your work, but you were fired because your loved your family? Companies are much more worried about employees disclosing protected information or h
  • ....que nadie entendeis cuando escribes asi;

    Especialmente cuando deja a deletrear palabras correctamente asi que no traducen.

    • by kellyb9 (954229) on Thursday May 22, 2008 @10:07AM (#23504700)

      ....que nadie entendeis cuando escribes asi; Especialmente cuando deja a deletrear palabras correctamente asi que no traducen.
      You, sir, must be a terrorist.
    • by Ken_g6 (775014)

      ....que nadie entendeis cuando escribes asi;

      Especialmente cuando deja a deletrear palabras correctamente asi que no traducen.
      "...that nobody understands when you write like this;

      Especially when [allowed to] spell words correctly like this that don't translate."

      Nunca asumes! (Unless you're a Navajo code talker [wikipedia.org] or something.)
      • it's more a problem when you start phonetically swapping letters around

        For example, 'que' becomes 'k', 'para' becomes 'pa' ec, miss off accents (like in the example I provided); it's not uncommon to mash a sentence beyond what can be reasonably translated.
  • Employers are implementing policies against using copiers and other office equipment for personal use! Oh the horror!

    How can employees be expected to tolerate this denial of their personal freedoms?!

    • by Lumpy (12016)
      How can employees be expected to tolerate this denial of their personal freedoms?!

      keying the bosses car, leaving a turd in front of his office, there are thousands of things you can do to make your bosses life miserable and not get caught doing it if you are good.

      A buddy of mine for a year screwed with our boss so badly that he quit. The guy deserved it, Micromanagers need to be screwed with hard. Little harmless things add up to major meltdowns if done right.
  • by emptycorp (908368) on Thursday May 22, 2008 @10:00AM (#23504600)
    Who watches the e-mails of the people who watch the e-mails...
  • by Adeptus_Luminati (634274) on Thursday May 22, 2008 @10:07AM (#23504696)
    Even though technology is making easier and faster for companies to adopt this kind of behaviour, for the time being you still have some options...

    1) Work for companies with over worked and under-budged IT departments who fight fires daily and have no long term plans - These companies are highly likely not to have any time to be reading your emails. Hell, you'd be lucky if the mail server stays up all week.
    2) Write emails in foreign languages. In North America this works well, where so many people only speak English. Alternatively, teach your loved ones to use encryption in emails.
    3) Use a fax machine. I know, waste of paper, but most companies don't have technology implemented to sniff/wiretap fax transmissions.
    4) RDP to your home PC and write an email from there to your loved ones.
    5) Make calls from conference rooms instead of your desk. This won't work if you call people daily, but its good if you need to make personal calls once a week or so. At the very least, it won't show up on your phone's call log, or the PBX's log about your phone.
    6)If none of these are an option, you are working for a company that doesn't respect your privacy. Stand up for yourself, and go find another job.

  • reading the posts here definitely reminds me of numerous scenes from the 1985 movie, Brazil...

  • And opening themselves up for privacy lawsuits. Hmmm... get an email from a parent concerned about health issue X you are experiencing (unbeknownst to your employer). Employer finds out and terminates employee or boss uses it for leverage for extra work/projects. According to Mark Rasch from SecurityFocus.com, it's not as clear cut as one might think. Varying laws in the USA from State to State make the issue even more challenging. From Mark: "In many states, the same law that prohibits the interception or recording of telephone calls also prohibits the interception or recording of electronic communications without the consent of all parties."(Reference: http://www.securityfocus.com/columnists/412 [securityfocus.com]).

    Talk about a confusing issue. You require outright consent from employees AND the party your emailing. Period. No exceptions. Simply stating 'we monitor all emails' will not hold up in court - should it ever come to it - you need permission from that individual employee - or all employees and have a readily available record of their consent.

    If what I'm reading is correct, its far easier to leave your emails alone, and then search if you have an issue with court permission, than it is to be actively reading emails.
    • Re: (Score:2, Informative)

      by stonetony (464331)
      Your argument completely ignores the fact that both the healthcare and financial industries have government oversight that requires that companies actively monitor emails. Not monitoring messages in those sectors isn't even an option on the table. If they don't do it the government fines them.
  • by Anonymous Coward on Thursday May 22, 2008 @10:36AM (#23505104)
    I work for a large (300,000+ mailboxes) company in the financial industry. I happen to work in the electronic communications group as a systems architect and my specific area of expertise is the design and implementation of systems that monitor email and IM conversations of employees. At a high level there are two major reasons we have systems in place that monitor these types of communications:

    1) Because my company is a SEC & NASD registered company we are *required* by law to both actively monitor (in some instances we stop emails mid stream and hold them in a queue until a reviewer approves them) and archive all email/IMs of all employees who carry a license with those organizations. To not do so would be considered criminal activity and we would incur huge fines (hundreds of millions of dollars). We've been fined before; those fines were creatively structured to require that we invest XXX millions of dollars into systems that allow us to meet the requirements. A very basic example of the type of thing we monitor for are indications of insider trading. More than one broker has been let go after being caught trading unethically.

    2) The second major reason we monitor electronic communications is to limit the liability of the company by halting the distribution (usually unintended) of non-public information... also known as NPI. A basic example of the types of things we monitor for are things that impact the financial well being of our customers (both people and business customers) such as account numbers, SSNs, passwords, insider company information, etc. Everyone who works at my company is subject to this second type of monitoring.

    Naturally having these systems in place opens those who are being monitored to having their communications scrutinized for other types of violations... namely violations of corporate policy. i.e. use of profanity or other behavior deemed inappropriate and not considered behavior that is acceptable as representative of the corporation's image. We do actively scan for these types of issues, but generally just file the information away in case it triggers a customer complaint or is identified as repetitive and needs to be addressed by a person's manager.

    I don't want to discuss the products we're using today because that is proprietary information, but I can tell you without a shadow of a doubt what direction the monitoring industry is going. There are already a handful of companies who can actively monitor data using a common set of rules/policies at ever layer of the infrastructure. There's a company called Orchestria, for example and who we have been talking to recently, who through a centralized policy engine can monitor literally everything you do on your computer through agents installed on the desktop, agents installed on IM gateways, agents installed on mail servers, agents installed on proxy servers and a border agent appliance that ideally sits in the DMZ that will perform packet level scanning and can block literally anything that it can read from those packets... going as far as to block encrypted data or brute force hack encrypted data on the fly and hold it in queue until it is scanned.

    Scary right?

    It depends on who you are I guess. As a technical person and admitted nerd I think that's cool as hell. It's the conspiracy theorist in me who is scared.
  • No outgoing e-mail (Score:2, Interesting)

    by Metorical (1241524)
    A friend of mine at some big name bank sent me some intersting e-mails about the possibility of said big name bank being taken over by other big name bank.

    Interestingly he's been blocked from sending e-mails now but can still receive them!
  • Give me just one port, to one machine on the outside which I control, and I'll proxy everything through there... mostly using it to surf the job sites and mail out resumes to companies without this sort of policy. If a company's priorities include dedicating staff to reading employee email on a routine basis, I don't want to work there.
  • How is this different from Google reading, indexing and tagging every word in your e-mails? Is it bad just because they actually hire people instead of using an AI?
  • in several industries, especially the financial industries. Programs are written specifically to monitor outbound communications to make sure that brokers are making fraudulent promises, etc...

    IIRC, the Supreme Court settled this law years ago. Corporate email is the corporations, and they may do with it as they wish. Want your communications to be more private? Use a wireless device that you pay for. It isn't a guarantee of privacy, but it will avoid the corporate network sniffers.
  • by Livius (318358) on Thursday May 22, 2008 @01:15PM (#23507726)
    Correspondence from your work e-mail is no different from paper mail on company letterhead. The company owns what has its name on it and what's composed on company time.

    But some companies might be better off putting that kind of effort into quality control on the *products* they send out, rather than correspondence.

UNIX was half a billion (500000000) seconds old on Tue Nov 5 00:53:20 1985 GMT (measuring since the time(2) epoch). -- Andy Tannenbaum

Working...