Employers Logging Keystrokes-What Can You Do? 185
"I live under the assumption that my employer cannot tap my telephone or open mail delivered by the US postal service and that I have the right to free speech under the constitution. Why is my E-mail and my very keystrokes on the computer any different? Please remember my work does not involve national security. Also, since this policy was not in effect when I started my employment what are my rights if I refuse to agree with the conditions and log off?"
What does one do (aside from up and quit) when you discover that your employer is spying on you -- by any method? I can understand an employer wanting to know what his employees are doing, but there is a line somewhere they shouldn't be able to cross (employees have rights, too). Where that line is, however, is anyone's guess.
Re:welcome to government service (Score:1)
If you work for the Department of Defense, it is required by regulation that you have a 'warning' banner that is displayed when you log onto the machine's console, or by the service when you access it via the network.
As you mentioned, they require it to prove to a federal judge that a cracker did know the system they had accessed was a government system, otherwise it's a state/local/civil case. It is also notification to the user that anything they do can potentially be monitored (btw, the phones also usually also have stickers saying that they can be monitored at any time); while I don't know of any keyboard monitoring going on, I know that website traffic is being logged, and messages going through the 'offical' e-mail servers is subjected to a keyword search. What can be captured, the methods for capturing, and who has access to that information is strictly controlled (at least in my experience).
If you're getting that Fed paycheck, and you don't like what's going on, walk to the commercial side, where it's becoming endemic and doesn't have any regulation at all.
Re:Monitoring, Sysadminning, Ethics (Score:1)
Re:Fully legal (Score:1)
Agreed. Your employer owns the resources, not you, so they can do pretty much anything they want with them. If you don't like it, you're welcome to go work somewhere else.
This is starting to become a big problem at certain facilities of a large computer maker that were once part of another large computer maker. Since they put censorware on the firewall, started drug testing employees and implemented certain other onerous policies, a big exodus has started here.
They think they can improve morale and make this a fun place to work by building us a game room with billiards, air hockey, foosball tables, etc., etc. but the damage has already been done and a lot of good people are bailing out.
I haven't left yet, but I'm interviewing. :-)
Sad. This used to be a fun place to work.
Posting anonymously for obvious reasons...
Re:Fully legal (Score:1)
I've worked in far less facist environments, and still analog jacks were near impossible to get installed, and almost never in a cubicle or office. Furthermore, fax machines were mandated to be in public areas. (You can however, get an analog adapter for most PBX systems.)
Re:depends (Score:1)
Simple. (Score:1)
Oh wait, maybe you already did.
Yeah! How dare they? They pay you to do work, it's not fair that they actually check up on ya! It's not like Secret Service agents are expected to keep ahold of their weapons (Chicago, female guard for Mrs. Clinton loses her purse in a bar), or your laptops (who hasn't heard this story by now?). So what if they want to improve security if it bothers you, they should stop. Better yet, they should only give these rules to people that matter. Yeah, that way lowly folks are still able to sell papers on eBay. No rules should be applied to all government employees, contractors, etc. That's just, like, so unfair. It's not like you can find a job anywhere else if the business practices bother you. The business needs to conform to your standards, not the other way around!
Of course, when they confront you for typing "I like kiddie porn" over and over then emailing yourself that for six weeks straight, just defend yourself as our fine Democrat party does of the best President in the history of the universe. 1) Ask your acusers, "What's your definition of keystroke?" 2) Tell them, "There's only eight months left in this administration, why are you bothering prosecuting me? Just let sleeping dogs lie." 3) Go in front of Congress when they bring hearings against you and tell them, "Asking me about my kiddie porn habits doesn't feed a single child, give shelter to homeless, save social security for mopes who can't save themselves, or give justice to African American or Hispanic children. You people need to do some real work, not investigate kiddie porn emails." 4) Go on the Today show, Good Morning America, Oprah, anything else you can, and talk of a "vast right-wing conspiracy" that has been trying to get you since 1992. And finally 5) Take the job as a limo driver in Washington when they offer it to you.
Heh (Score:1)
they can but ... (Score:1)
Just create a lot of noise... (Score:1)
sub getWord() {
my ($number) = @_;
my $answer;
open DICT, "/usr/dict/words";
while($number--) {
$answer = ;
}
return $answer;
}
open TERMINAL, "/dev/pttyN";
while(true) {
sleep 10;
print TERMINAL (getWord(random()));
}
close TERMINAL;
What about PGP? (Score:1)
Fialar
Re:DoEnergy? (Score:1)
Usually not weapons, but certainly research with military applications. A few example of DOE projects:
Tapping phones and opening mail... (Score:1)
Our workplace has same with almost same wording. (Score:1)
I know we keep short-term logs of what passes through the proxy servers, but we are (amusingly) under orders from higher up to NOT check the logs for sites visited.
See, your boss probably doesn't want to be monitored either...
Re:Government Cheese (Score:1)
Yes, but there are DOE-funded labs that do no weapons research, and indeed no secret research whatsoever. Fermi National Accelerator Lab comes to mind as an example. They have no nuclear secrets to protect.
DoEnergy? (Score:1)
Why? Is it an accounting trick to say "We reduced our military expenses"?
I suppose that the FDA is researching "methanol engines" just to balance. All in all, methanol is sort of a drug.
__
Re:Fully legal (Score:1)
IMHO (and IANAL) I don't see why the DoE would allow employees to even bring a laptop into work. I know you're not handling sensitive information, but from what I've seen, they're very low on tolerance and high on suspicion there.
Droit devant soi on ne peut pas aller bien loin...
Worked For DOE (Score:1)
required then and were supposed to be on all computers from 1990 or so onward. A lot of sysadmins didnt put them up for the usual "Hey this violates my rights.". Well the problem is that you are working for the agency that deals a LOT in nuclear weapons, national secrets, and other things that the US feels doesnt need to be seen by everyone.
That was your choice in going there. You can make protests (LANL scientists did one day strikes over enforcing the computer rules in 1999.. but went to work after that), but other than symbolism your only effective way of changing a lot of the rules is get a majority of Congress to pass repeals of rules that govern what you can and can not do in labs even remotely related to National Secrets.
90% of the time people will whine around the coffee pot, but dont put their feet into action.
Good Luck
Stephen Smoogen
Why is this so bad? (Score:1)
You work for them! They should be able to hold you accountable for everything you do while at work. You say that you think you have the write to have regular mail go by without interception... If they wanted to look at office communication to/from you, they could legitimately do so.
Now, if they tried to extend this to (non-DOE) computers/accounts that you use when you aren't at work, then of course that's Bad. But anything you do at work should be monitorable.
Re:Perfectly Legal - Even without notice (Score:1)
AFAIK ... (Score:1)
Absolutely Legal (Score:1)
Re:Fully legal - conflict (Score:1)
I have been in long debates over this.... Trust me. I had computer ethics classes.
Leimy
Re:At least they warned you... (Score:1)
It has prevented a lot of business espionage from happening in the past and those who get caught get fired.
Leimy
What can I say? (Score:1)
"I live under the assumption that my employer cannot tap my telephone or open mail delivered by the US postal service and that I have the right to free speech under the constitution.
Correct. However, I would suppose that this only applies outside of your workplace. No one can (legally) open mail that goes to your house or tap your home phone (although, apparently the FBI can get a court order and do this--this is wrong IMO). Since your employer owns the telephone and computer in your office and you make a contract to work for them, they can monitor you. I think you could look at it as if they were allowing you to use their equipment and have an agreement on what you can and cannot use it for.
Why is my E-mail and my very keystrokes on the computer any different? Please remember my work does not involve national security.
I don't think it really matters. I think that any employer (private or public) can make agreements on what their employees can and cannot do at work.
Also, since this policy was not in effect when I started my employment what are my rights if I refuse to agree with the conditions and log off?"
Now, this is an excellent question that I don't have an answer to at all. I assume that those "you agree so long as you have read this" things are actually binding; otherwise, all those software licenses would be void.
The real giggler... (Score:1)
I suppose that's to be expected in these days of "Log onto our website at www.duhhhh.com"
Re:They own it. You don't. (Score:1)
Later on, I've come to the conclusion that systems administrators, even when allowed by the managers, don't have time to read other peoples email. There is work to do, and unless monitoring email is on high priority (in which case there are people whose job it is, who really don't do any technical administration), nobody is going to care. Yes, I've seen logs from web proxies - lots of *xxx*.com sites. Then the company established policies regarding surfing the web, and added blocklists to the proxies. Not just about porn, but eg. games-sites (young employees means playstation.com is high on the list). Some manager checked weekly log reports about which domains were hit most often, and added sites to blocklists.
But the main point is, unless there are huge resources for just monitoring people, nobody is going to have time to do it. OK, some weekly reports about domains most hit by browsers or email, something like that. And when there are problems (eg. administrators get virus warnings from email scanning subsystem), more close monitoring of single events.
I challenge anyone to tell that they really have worked in a position where they have really monitored people's doing, not because of something not working or alike, but just because a) they can or b) they're required to do it.
Re:Ironic: Government ignores Constitution (Score:1)
They're not searching and seizing anything they don't own. It's their computer, their network, and you're there on your dime. If it was your computer, your network, your time, and they're tapping into it, that's where the 4th ammendment comes into play.
>> And why shouldn't a private employer be held to the Constitution also? They are located in America; shouldn't they have to play by the same rules as everybody else? Something is really wrong here.
Yes, your grasp of the constitution is wrong here. The bill of rights is specifically set up to limit the rights of the _government_, not individuals or businesses. Limits to the rights of businesses and individuals are made by laws, not by the bill of rights.
If you don't like an employer's policy that IS legal, you have the right to leave. You can find another employer, or go into work for yourself. You can start a company, hire employees, and then decide if you want to give them free reign to do whatever they want from the computers and networks you own, on your dime. (Hmm. Angry employee launches a DOS or crack attempt from your network and you didn't do anything about it or even have a system in place to catch it? What how fast your butt gets sued and you're out of business. Disgruntled employee sends trade secrets to your rivals? Your rivals flourish, your business goes under.) Boy, it's completely unethical for these businesses to want to know what you are doing while you're being paid to work for them on their computers and their networks!
Re:Fully legal (Score:1)
If they want to raise a general discussion about whether this is right or wrong a regular
You lucky bahstids (Score:1)
Lately, the courts have ruled that this also includes emails sent from government computers. Imagine not only having your employer able to snoop your email, but having it possible for any reporter with an axe to grind scan it for anything suspicious.
Let me tell you, in Sweden, you want to be working for the military. At least, they'll keep whatever info they gain to themselves.
---
Re:Government Cheese (Score:1)
It's called 10 kg weapons grade plutonium, produced from any 'breeder' reactor.
Most Americans don't realize that smallpox killed off upto 90% of the non-euorpean population from 1492 to the early 15 hundreds. Sure it wasn't intentional but it was more effective than anything else unleashed on a population before, since?
LittleBrother (Score:1)
(this was before they had mentioned it to the employees, I just wanted them to know I had found out their little secret)
Well, after that little bit of rather juvenile defiance, I got down to serious business. Luckily I ran Slackware at work. I created a perl program that would randomly generate 'legal' web requests (about 5-10 an hour, with a break for lunch
I've still got the program, should anyone want a copy..
Oh, and I also started doing all my illicit web browsing through an ssh encrypted session..
A way around the keystroke recording? (Score:1)
I don't know where windows would capture the keystroke? Keyboard driver, or GUI widget inputs?
If its keyboard driver, then mouse clicks would fix the situation..
Or just install linux.
The web tracking is a different problem.
Re:Government Cheese (Score:1)
One more thing--someone mentioned workers protesting security measures at Los Alamos. They were very correct--the most effective solution here when dealing with the gov't or a corporation is to organize and protest. Organized Labor--it's worked before.
Re:No "rights" are needed if you're doing your job (Score:1)
Whoo... Comments like this make me paranoid. As far as I understand, these kind of "Big brother is watching you" things are legal in the US. I'm glad I live in the Netherlands. Here, spying on employees is considered a bad thing.
In the Netherlands there was great controversy about placing security camara's in public places (mostly in city centre's with large amounts of bars in the neighborhood). They even created special privacy rules for police officers that were watching the pictures.
I do understand that employers want to know what their employees are doing, but I believe spying on them is not a good way to increase their productivty. Giving employees a bit of responsibility works usually better than treating them as bad guys on forehand.
Re:Monitoring, Sysadminning, Ethics (Score:1)
... so I do a scan of /home looking for core files. Delete a couple of them. Helps a bit, but still very full. OK, scan for the biggest files...
(readable only by the owner - at least the boss had HALF a clue...)Er, right... OK... This is the boss that asked me to make space, OK... how to be tactful about this? Hmm, OK, how about I just "du /home | sort -n -r | head | mail -s 'these are the biggest directories on /home - please tidy them up' allstaff"...
Interestingly enough, the largest directory was now called ~name-of-boss/p/m/. The largest file was still ~name-of-boss/p/m/fisting.mpg...
I figured, what the hell, delete a couple of them, 20% of disk space restored, let's see if he's going to ask me to restore THEM from a backup! :-)
And NO, I'm not going to name the boss, or even the company that I used to work for then... :-p
DoD Systems Have Similar Warning (Score:1)
THIS IS A DEPARTMENT OF DEFENSE COMPUTER SYSTEM. THIS COMPUTER
SYSTEM, INCLUDING ALL RELATED EQUIPMENT, NETWORKS AND NETWORK DEVICES
(SPECIFICALLY INCLUDING INTERNET ACCESS), ARE PROVIDED ONLY FOR
AUTHORIZED U.S. GOVERNMENT USE. DOD COMPUTER SYSTEMS MAY BE
MONITORED FOR ALL LAWFUL PURPOSES, INCLUDING TO ENSURE THAT THEIR USE
IS AUTHORIZED, FOR MANAGEMENT OF THE SYSTEM, TO FACILITATE PROTECTION
AGAINST UNAUTHORIZED ACCESS, AND TO VERIFY SECURITY PROCEDURES,
SURVIVABILITY AND OPERATIONAL SECURITY. MONITORING INCLUDES ACTIVE
ATTACKS BY AUTHORIZED DOD ENTITIES TO TEST OR VERIFY THE SECURITY OF
THIS SYSTEM. DURING MONITORING, INFORMATION MAY BE EXAMINED,
RECORDED, COPIED AND USED FOR AUTHORIZED PURPOSES. ALL INFORMATION,
INCLUDING PERSONAL INFORMATION, PLACED ON OR SENT OVER THIS SYSTEM MAY
BE MONITORED.
USE OF THIS DOD COMPUTER SYSTEM, AUTHORIZED OR UNAUTHORIZED,
CONSTITUTES CONSENT TO MONITORING OF THIS SYSTEM. UNAUTHORIZED USE
MAY SUBJECT YOU TO CRIMINAL PROSECUTION. EVIDENCE OF UNAUTHORIZED USE
COLLECTED DURING MONITORING MAY BE USED FOR ADMINISTRATIVE, CRIMINAL
OR OTHER ADVERSE ACTION. USE OF THIS SYSTEM CONSTITUTES CONSENT TO
MONITORING FOR THESE PURPOSES.
I figure that this is just part of my job, like the nosy background check I had to go through. As long as I am doing my job, I should have nothing to worry about. (My $0.02)
Re:Fully legal (Score:1)
Re:Fully legal (Score:1)
That's fascist.
I saw an angry Cuban holding up a "facist"
sign the day after the Elian raid and it
made me giggle...
Re: Irrelevant USA bashing. (Score:1)
NOBODY should have the power to develop nuclear weapons!
You're six decades too late, I'm afraid. The Germans began developing nuclear weapons in the late 1930s, and the U.S. and U.K. and U.S.S.R. started very soon afterwards.
I'll play devil's advocate and argue that the half century of relative peace in the world among the superpowers (no instances of "total war") is a direct result of deterrance. I know this will be hard for you to swallow, but in the context of preventing conflict nuclear weapons have actually saved lives and have reduced human suffering.
Now stop living in the dream world, Neo, and come to the real world. Nuclear weapons exist. Many nations have them. Many nations want them. No nation (except South Africa) has ever willingly dismantled and destroyed its entire stockpile. Talk of love and peace and "let's all hold hands and sing" is quaintly antiquated, and not even a remotely practical way to solve the problem.
You remind me of some of my former students, "Our having to learn this electromagnetic theory is stupid!" They didn't persuade me then, and I'm afraid that you don't persuade me now.
Clauswitz wrote of war that the threat of war and the resolve to go to war to settle a conflict is vital to a nation's being able to conduct foreign policy. I suggest you get used to the concept of war; it has been around for a very long time, and it does not appear to be going away anytime soon.
I think you would find that most citizens of ANY country would prefer to have peaceful relations with other countries than be at war.
The United Nations, arguably the largest representitive body in the world, continually sends out troops to "keep the peace" in places. Sometimes "keeping the peace" results in wars being fought by these same troops. I would argue that sometimes when the cause is sufficiently important most people would prefer war to passivity. To say "let's all get along with one another and not fight" is impractical when the opposing side does not share the same distaste for conflict, or when the cost of human suffering resulting from not fighting is too great.
Agreed. Now just how do you intend to carry this out? (And what exactly does this have to do with stopping Hitler?) Again, I suggest you take a good look at the world as it is rather than as you want it to be. You would be surprised at just how nasty people can be towards one another.
Oh, and in case you couldnt tell, I believe the open source idea should be applied to everything.
Then I hope that you and your family are among the first to suffer once "Anthrax Incubation for Dummies" and "An Idiot's Guide to Saren" kits are sold over the internet.
Re: Irrelevant USA bashing? Not so. (Score:1)
Perhaps I misunderstood your post. Upon rereading it I get the impression that when you wrote that you (and, according to you, the rest of the world) consider the U.S. to be roughly equivalent to Iraq in terms of its use of weapons of mass destruction. Is this the point you were trying to make? After a list of questionable activities of the U.S. government, you compare the United States' activities with Iraq's, a state that has used chemical and biological weapons on its own people (as well as on Iran during the Iraq-Iran war). If this isn't bashing, it's at the very least an unfair comparison, one that deserved some attention IMO.
The U.S. nuclear stockpile is safer than almost any other present-day stockpile. (The likely exception being China's).
Don't become yet another person whose response to anything that fails to glorify the USA is a kneejerk assumption of anti-americanism on behalf of the writer. That's an irrational cop-out.
Don't assume that because I object to your comparison that I am some kind of flag-waving zealot, or that I'm even from the U.S. That's also an irrational cop-out. I merely was pointing out that controlling the information that facilitates construction of weapons of mass destruction is the prudent thing to do; one's feelings towards the nations with the capacity are immaterial. This has nothing to do with whether or not you agree with the policies of the nations who have nuclear weapons. It has nothing to do with the right or wrong of developing or using nuclear weapons in the past, the moral dilemma of spending large amounts of tax dollars on the unpopular task of safeguarding the U.S. nuclear capacity, on the ethical problems associated with advocating disarmament in one breath and talking SDI development and resuming testing in the next, on being slow to ratify or carry out any treaty unless it gives the U.S. a strategic edge. This has nothing to do with anything, really, except the cold hard fact that the fewer nations with the capability of waging nuclear war the smaller the chance that an accident can occur or that some loose-reined fool like "bombs away LeMay" could intiate nuclear aggression.
You and I are probably in agreement here. You wanted to make a point, and so did I, and I think we both agree with each others' points. My apologies if I misunderstood your original post.
(Truth be told, perhaps the most responsible nation in terms of nuclear weapons is South Africa; they are the only nation to have developed and tested nuclear weapons and then willingly relinquished this capability. Of course, since saying anything positive about South Africa is politically incorrect I think I'll stop here).
Re: Irrelevant USA bashing. (Score:1)
An organization requires three things to develop a nuclear capacity: 1) The technical expertise and knowledge of how to develop nuclear weapons, 2) the raw materials, and 3) enough capital to do so. Protecting nuclear secrets falls under item 1). Unless you are so loopy as to believe that the world would be safer if everyone who wanted a nuclear capacity had one, you cannot deny that protecting nuclear weapons secrets is the correct course of action, if even by a nation that you loathe so much.
Re:Government Cheese (Score:1)
Sjee, my guess is that it will not work.. Countries or individuals, who have interest in bio-, chemo-. nuclear-, infotech have like, the Internet -duh, to find information on priciples, the curiosity to keep looking anyways, the inventiveness to spy on us in any means, in spite of us spooking our national energy workers.
Maybe we should focus on education and free information, instead of censoring.
Slhugs SlashDread
Re: bahstids, NO! Swedens openness is GOOD(tm) (Score:1)
What is FAR more important is who is to have access to all that data.. If it IS NOT public, THEN only THEN I am scred.
Imagine the whole world being viddotaped from some sats.. On a high res, infinite backup scale.. We CAN NOT stop such a thing, it WILL happen. Sooner or later. Thats ok thou.. as long as I CAN SEE IT TOO.
Greets SlashDread
Academia? (Score:1)
Which do you really think they are looking for? (Score:1)
It's been so long since we.....( long description of what the individual would like to be doing with Julie).
of
Dear Sadam:
Here is the information you requested on the guidance system of the Patriot Missle. As you can see the system could be jamned sufficiently to force it to miss your scuds.
Both emails are inappropiate, one means someone may be having an illicit affair, the other means that some vital information has been given away that will prevent anti-missle defense systems from working as intended.
Come on. The DOE or DOD aren't going to be looking through your stuff to see if you're surfing porn. They might, but are going to care a whole lot less than if you are selling National Security Secrets.
That's why (as steted in the original article) they implemented it. Someone apparently sold such secrets, they want to stop it.
Post a FOIA Request (Score:1)
Every week (or every day), post a Freedom of Information Act (FOIA) request for ALL logs they have kept on you. If the information requested is not a matter of national security, they MUST provide any and all logs they have kept on you.
Of course, if they haven't kept any logs, you can be happy that they haven't (yet) chosen to spy on you.
If enough people posted enough FOIA requests for full keystroke logs, the department would get tired pretty quickly and probably stop.
Re:Fully legal - conflict (Score:1)
Re:Fully legal (Score:1)
--
"HORSE."
Re:DoEnergy? (Score:1)
All (the vast majority) of the funding is provided by the DOD, but the DOE does the research. This is just an artifact of the way the federal budget is set up. There are two separate classifications, the function classification and the agency classification. As another example, the money for crop subsidies goes under the USDA, even though they don't really do much for the program.
Most of the budget is like this, actually. And by "this", you can take me to mean either split up into function and agency budgets, or incredibly obscure and confusing. As another little tidbit, Lawrence Livermore is administered by the UC Regents (benefits, etc.) of BSD fame.
Walt
Not just the US... (Score:1)
I've worked as a contractor for several high profile Comms companies over here in the UK and all of them have similar messages on the logon screens. Most of the time, people just don't give a shed about it, but I know that it is possible for the admins to monitor who does what and goes where.
I didn't like it then, so I found a way around it. I still don't now, even though I'm at a different company now. I've just found my way around it... Thank fsck for the lax DHCP servers they have around here....
I know that the places I've worked here do have the ability to prosecute you based on the strength of the NDA (Non Disclosure Agreement) that people have to sign when they start work and that the logon warning just gives a little more leverage so that if they had an axe to grind, they could really nail you. I know of people who've been out of the door quicker than a hamster on speed, with a couple of "helpers" to make sure he doesn't get "lost" or "forget" something on the way out.
Like I said before, I just work around things like that these days: If it's not obscure, it's too easy.
Re:Fully legal (Score:2)
More likely in this case, they would probably reconsider his employment. The government doesn't have much of a sense of humor.
...phil
Hmmm (Score:2)
I'm slightly sceptical about the kiddie porn business though. It's the example that's always given whenever politians try to justify surveillance, encryption bans, whatever. What kind of admissions policy would hire someone stupid enough, nevermind sick enough, to view kiddie porn in a government office ? Do you think that blanket surviellance of the population is justified (we must protect the children...), after all kiddie porn is equally detestable at home or at work ?
I'm not arguing that employers don't have the right to monitor their employees, just that it's usually misguided.
> I would far prefer competent creative employees doing their job all the time
Does the word "Duh" mean anything to you ? The point I was making which you ignored (reasonably considering my rudeness) is that it makes far more sense to judge people according to what they produce rather than how they spend their time.
Suppose I have 2 employees: Bill produces 10 widgets a day, Fred produces 5 widgets a day (of equal quality), Fred spends his whole time working diligently, but Bill spends half the day masturbating in the bathroom. I would fire Fred before Bill. It would be even better if Bill cut down on the wanking and produced 20 widgets a day.
Distrust and intimidation is seldom an optimal way to get better performance from your workers. It might be a reasonable way to run a cotton farm with slave labour, but it's less effective in a software shop.
You asshole (Score:2)
Who cares much time is spent working, what matters is what gets done.
A competent creative person will achieve more of value in 30 minutes than some droid who diligently spends 50 hours a week "behaving professionally". I would far prefer employees who browsed porn or spent the odd hour checking out
If they're not, then they can "act professionally" all day long, and I'll still fire their ass.
In the commerical world this is self correcting, companies with their priorities screwed eventually go belly up. There's no correcting mechanism in the public sector, you end up with bloated monsters that piss taxpayers money away paying a bunch of useless cretins to stare up each others asses all day.
This one's difficult... (Score:2)
Do they have an -ethical- right to monitor? No.
Ethics and business are often incompatiable, sadly. One place I used to work, I was informed that I had acted "improperly" by implementing recommendations formally presented at a security briefing. This is not uncommon. When it's a show-down between politics and common sense, politics WILL win.
"By hook or by crook..." (Number 2, intro to The Prisoner)
The more I've worked, the more I realise that the TV series "The Prisoner" was an idyllic futuristic dream, by a hopeless optimist. For all the brain-washing, torture and pressure put on Number 6, not one single Number 2 ever pretended that they had the moral high-ground.
As for what you can do. Well, you can remap the keys, and write a simple substitution program that sits on INT 09. That way, it doesn't matter if what you type is logged. Your boss is unlikely to spend the time decrypting it. However, they are likely to regard that as a hostile act on your part, and subject you to disciplinary measures.
Alternatively, you could use macros and function key definitions extensively. That way, what you type can make sense, but be subtly different from what the computer actually sees. The problem here is if your network is being monitored. The discrepency will eventually show up, and you'd probably be whisked away for intensive interrogation.
The third option, though potentially the most dangerous, is to combine the last sugestion with IP spoofing and IP monitoring. This would involve redirecting the -real- network requests, such that they don't return to your computer, directly, but rather to your subnet. From there, you can sniff them and process them as if they were to you. (You can't just multi-home your machine, as it would be too easy to pinpoint which machine the communication was for.)
This is exceptionally dangerous, as the penalty for being caught would be gruel and striped pyjamas. On the other hand, if you spoofed it to whichever senior official ordered the monitoring, either the entire work-place will go into panic-mode, or the matter would be quietly and discretely ignored.
Re:Fully legal (Score:2)
--
Re:Government Cheese (Score:2)
That's not entirely true. Instead of quitting you can threaten to quit. Or you can write a letter complaining about the situation without including resignation threat.
Quitting fixes the situation outright, by removing yourself from it.
Threatening to quit or complaining (or, preferably, both together) works far better if everybody does it. You can even do things like not show up for work until they agree to stop. One term for it, if you do it all officially, is "forming a union".
Hey, at least they're nice enough to warn; no requirement for that. They could do it legally with no disclaimer.
Re:Fully legal (Score:2)
Sniff away; all they'll see will be ssh packets to and from my servers at home.
--
Perfectly Legal (Score:2)
Is keystroke logging even under discussion? (Score:2)
Such disclaimers are very common in the corporate world. Prior case law has struck down computer crime prosecutions simply because the systems in question did not clearly lay out access rules and regulations. Therefore, most corporate servers -- and, increasingly, corporate workstations -- display this boilerplate in order to support prosecutions against those engaged in unauthorized access.
Now, as the Larry Wall case shows, the line between "authorized" and "unauthorized" is very thin indeed. Don't forget to ask for your manager's approval before setting up that e-mail proxy....
Can? Yes. Would it be a good idea? (Score:2)
Sure, you could. But since you are (we presume) working at a government installation, processing sensitive and classified information, doing so would likely get you put under investigation for espionage.
Even if you are innocent, that is not something you want to have to go through. And if they find you were doing something bad (like selling secrets to the Chinese), you get an all expenses paid trip to Leavenworth.
Trust me on this: You DO NOT screw with the Security Police.
Re:Fully legal (Score:2)
Not necessarily. If you plug into a phone jack and dial out to your own ISP, there isn't much your employer can do about it (tapping into a modem connection demands specialized equipment that usually only law-enforcement agencies have handy). Also don't forget the SneakerNet -- and wipe the floppy afterwards.
The point is, your laptop is your private property and nobody can take a look at what's inside without a court warrant.
Kaa
Re:Fully legal (Score:2)
"Leave the gun, take the canoli."
Ironic: Government ignores Constitution (Score:2)
Courts have previously held that the government has to take into account the fact that it is bound by the Constitution.
And why shouldn't a private employer be held to the Constitution also? They are located in America; shouldn't they have to play by the same rules as everybody else? Something is really wrong here.
Re:Government Cheese (Score:2)
Big Brother, where are you when we need you?
Re:Government Cheese (Score:2)
1. I would really like a good reference to the alleged article describing the "inevitability" of an accidental nuclear launch. I don't believe you or your source, so give me a bibliography. It had better be something better than the National Enquirer.
2. $60-70 per barrel for oil would cause a world catastrophe. Not in the U.S. We would be affected, but we also have enough money and resources to get around such a problem. I think most of Europe would be just fine too. They are already accustomed to high fuel prices. The real devestation would be, say, farmers in Africa and South East Asia, who just bought their first farm tractor, only to see operating costs triple or quadruple. All because of some conflict thousands of miles away from them that they have nothing to do with and no control over.
And by the way, if New Zealand were to call the United States a "Rouge Superpower"...
>>New Zealand, for example, would face serious consequences.
WHAT? What are you talking about? Do you honestly think that a tounge lashing by New Zealand would concern the United States? Serious consequences? What serious consequences? Carol Mosley Braun (the U.S. Ambassador to N.Z.) might have to schedule a dinner party.
This is not to say that N.Z. is unimportant. The reason that N.Z. will never have anything to fear from the irrational juggernaut that is the U.S. public is because they are not trying to buy ignition devices for nuclear weapons from unscrupulous companies. They are not trying to buy the worlds largest cannon from other unscrupulous companies. They are not stockpiling Anthrax or VX gas. They do not have an arsenal of unguided ballistic missiles.
Re:Government Cheese (Score:2)
This is not to say that any of the accidents involving fissile material are not serious. Contamination is very serious, and plutonium is one of the most deadly substances known to man. But we are not yet approaching the seriousness of a nuclear detonation.
The reason that I say that rising fuel prices would have more of an effect on undeveloped countries is because they do not have the resources to do research into alternative fuels. High oil prices would only speed the research that is already being done in the west to eliminate dependency on oil.
As for New Zealand. I did not intend to infer that New Zealand is an insignificant nation. My point was to say that New Zealand, unlike Iraq, North Korea and to a MUCH LESSER extent, China, is not about to have a war with the United States or one of its allies. New Zealand is not threating to invade its neighbors and is not threatening world peace. Nor is it ever likely to want to. That is why any statements that New Zealand makes regarding the politics of the United States are not going to cause much concern in the U.S.
Re:Government Cheese (Score:2)
What I'm trying to say is that when you mention DoE to Joe Schmoe on the street, my guess is that nine times out of 10, Joe's going to be thinking about nukes. When Joe Schmoe starts thinking about nukes, he's not going to listen to reason. He's not going to care that Fermi is doing important particle research. Most Americans think that fusion reactors can go critical and explode. Most Americans think that fission is too dangerous to warrant building new nuke-you-lar power plants. Most Americans probably also think that all the DoE does is build nukes.
I'm not trying to say this argument is logical, or even morally correct. In fact, I believe it is neither. The problem is that when you deal with computer secrecy for the DoE, then you can easily build up the mass hysteria that the United States is prone to. I'll bet most Americans would chose to have the Chinese man (sorry I forget his name) accused of spying at Los Alamos strung up rather than give him a fair trial.
I guess my argument really is this: When dealing with what the DoE does, the public will willingly throw out logic, political correctness and even the Constitution of the United States of America. And if the public won't, I'm sure the NSA would be more than happy to oblige.
Re:Fully legal (Score:2)
As a side note, the reason most Silicon Valley employers don't do any of this monitoring is that they KNOW they'd lose employees. The only real way to fight this is to band together, and to inform management that all of the technical staff will leave, if monitoring/drug testing is done. They can not afford to lose the skilled folks. So, they'll usually cave.
Remember, the only power you have is that they need you more than you need them...
What about terminating the logger ? (Score:2)
But if you have sufficient access to your own desktop, shouldn't you be able to kill the logger? What are common logger names to we can seek&distroy? Or are they usually hidden process that can evade the tasklist?
Re:Government Cheese (Score:2)
particular argument is correct, but it is a compelling argument,
and many will think that. It's hard enough to make sure that
security is air-tight for the areas where it's required without
trying to make sure it is air-tight ONLY where it matters.
Got to disagree: I think you can't get security right unless you
make distinctions between level's of security. If you try to make
everything an organisation does operate at the highest level of
security, then people's day to day antipathy for the tiresome
bureaucracy involved will make them conspire against the security
measures: as is happening with this Ask Slashdot.
Re:Government Cheese (Score:2)
Re:Fully legal (Score:2)
Or if you grant access to it, but then you can set the terms. Personally, I am willing to grant access to some of my own machines, under certain conditions. The conditions are just a bit
None of these terms is unreasonable, and few people would be willing to accept them.
I'm not sure this would work with me (Score:2)
What if you knew this and avoided _typing_ anything sensitive? Once my keyboard went out and I shut down the computer by X copy/pasting 'shutdown -h now' after su'ing... The keyboard wasn't involved. What are they going to do, log the screens and mouse clicks? What do they do when you place the insertion point somewhere else? What kind of gibberish are these people looking through?
You could enter 'sensitive' text without using the keyboard, then the benign stuff by typing. In short, who cares?
What can you do? Nothing (Score:2)
The company owns the hardware, network, data, and your time between breaks. If they want to monitor your keystrokes, that is their perogative.
The company where I work has two kinds of phones -- the supervisor model has a monitor function that allows the manager to listen to all phone conversations of any employee in their department. You just don't have personal conversations with inappropriate content and there will be no problem. If you can't deal with such a policy, start your own company.
HA HA HA HA HA HA HA, I work there too!!!! (Score:2)
For reference, the standard disclaimer for a National Lab's web site can be found at Sandia National Labs Web Disclaimer [sandia.gov]
I work at a DOE installation also. Their lawyers are VERY highly paid, and unfortunately, they have the Supreme Court on their side. You don't own those computers, they do. They can (and DO) do anything they want.
As a side note, our local DOE folks also monitor your web surfing, and log ALL your page requests. They also block any https:// connections, as well requests to sites on their "Evil waste of time" list, and they grep through their logs once a week searching for "keywords" ( sexy, pussy, xxx, porn, pr0n, etc). You basically have no rights to privacy since it is their equipment, not yours.
As a side note, we all just got email saying that all of our phone calls were logged, and that we could be expecting visits from our management about some of the more questionable phone calls. (In other words, more than a few local calls a day, and any long distance calls.)
As a side note, all businesses have these rights, but most choose not to exercise them.
Deal with it, or leave. The labs ARE NOT,
WILL NOT,
CAN NOT
be part of the real world.
that can put you in a real bind (Score:2)
So maybe we shouldn't ignore it, but what if this sort of intrusiveness does stand up in court (IANAL, but this sort of thing is pretty common to my understanding, so I would assume that it's on reasonably firm legal footing)? In many cases, it's not as though we can go elsewhere to do our research. I'm a high-energy physicist. High energy experiments are very expensive, with prices that reach to the hundreds of millions of dollars. In the US, there are only a handful of labs that do it. And guess what? They're almost much all DOE labs!! What's more, depending in the type of work you do, you are completely limited to DOE labs. Even working in other countries isn't neccessarily an option, depending on what you want to do.
That being said, I'm not too worried. I think this sort of thing is probably restricted by some sort of "probable cause" consideration. I rather suspect that the sysadmins take that particular warning as seriously as the rest of us do. It was imposed from on high, not by the people who do the real work of maintaining the systems.
At the end of the day, many scientists don't have too much choice in the matter. The question is whether this represents a real threat to our privacy, or if it's just a way of placating the federal government. I think it's the latter, although it does perhaps open some doors that are better left closed.
Re:Doiesn't depend. (Score:2)
Good point, but if you don't like McDonalds you can work at Subway, Steak & Shake, etc. It is true though, when I was working at McDonalds, it wasn't because they respected my freedom, but rather, I really need to pay rent (at least that is what my landlord was saying at the time). True most places will strip you of all rights when you walk into the door.
The laws (freedom of speech, freedom of relgion, freedom of press) are for the US goverment. Sorry if I don't include forgien countries, but I don't know there laws there. The laws are in place so that the (usa) goverment can't screw you on basic freedoms, they aren't there to protect companies, citizens or others from taking these rights away, they are just there so the person has a right that the goverment can't take away.
Almost any private place is going to take away you rights. If go into church and pass out, let's say "satan is sexy" bumper stickers, the church will (more than likely) ask you to leave. You scream "Hey man, I have the right to do this". Yes you do have a right to do this, from the goverment, the FBI isn't going to step in an drag you away, the CIA isn't going to sniper you, the goverment really doesn't care what you views are (at least that is what they say). The people that ask you to leave, aren't enforcing the goverment laws on you, but "their own laws", not the goverments.
If you refuse the leave, they may call the man (ie. police officers) and have you arrested for tresspassing and distrubing the peace, but they aren't arresting you on your views. They are arresting to protecting others (the churchs) right to freedom of speech/reglion
If you build your own church and start up a club that preaches "GNU/Linux Rocks" you are allowed to do that, and the goverment won't do anything. You could then make up your own rules, "This is the house of GNU/Linux, thou shalt not bring in closed source software" then when someone brings in a Windows98 you can though them out onto the street and yell "Don't bring that shit in here bitch, we ain't down with that". But that would be YOU inforcing your "own laws", it won't be the goverment.
But back to your orginal comments, when most people work at McDonalds it is because they HAVE to work there, not because they have a choice. In theorgy, they way it is supose to work, is that the person should be able to go work anywhere where they have the skill to work at. Anyone should be able to do what they want when the "grow up" (atleast that is what my parents told me (I think they may have lied)).
The thing is, if someone doesn't want to work at McDonalds, in theogry mind you (which means it doesn't work in the real world) they could get goverment grants/finacal aid/loans/scholerships to go to trade school/college/etc to gain more knowlegde, expeirnce, education, training to get the better job. This sometimes works, this is how it is supose to work. It does take time, but if they need to be able to train for a better job and be able to pay rent at the same time, there are options.
Just for the record, I am not knocking anyone that works at McDonalds, I used to work there. They are a respectable company and am not trying to FUD them, just using them as an example.
Even if you do have a better job, you company will still take away your freedom. Say you work as CEO of AOL (forgot his name). If that CEO of AOL came out and said AOL sucks, and used his own money to fund an AOL sucks rally, do you think the investors/stock holders/border of members respect his "Freedom of speech"?? The goverment would respect his freedom of speech, but not his company, his company would throw him out on the street (exactly the same as if he worked any other job). I think almost all jobs would fire you for something like that.
The only really job where you have complete freedom (under the goverment that is) would be a freelance job, or a job where you own the company. For example, before Andover/VA bought slashdot, I bet CmdrTaco could say "Slashdot sucks" and not get fired since he owned the company (unless he wanted to fire himself in some weird world). There are very few jobs that offer complete and utter freedom most of them are freelance/self run|owned companies/drug dealers/pimps. For the rest of us, we must do what the man says if we want to pay rent, even if that includes giving up personal freedoms.
On a side note, this is extremely difficult to say after just having watched Brave Heart. I bet if I had a sword the "man" wouldn't be on my back as much.
Re:Government Cheese (Score:2)
It matters not that you are doing weapons research. It matters not that you are checking an email from you girlfriend/boyfriend. When DOE is involved, the courts hardly matter. There are very few people in this country who are going to give a flying fsck about your privacy as soon as someone mentions nukes.
And, arguably, for very good reason. Not that I think that particular argument is correct, but it is a compelling argument, and many will think that. It's hard enough to make sure that security is air-tight for the areas where it's required without trying to make sure it is air-tight ONLY where it matters.
Personally, I think that they should be checking into just about everything having to do with DOE's security. There is very little on this planet more dangerous that the nuclear arsenal of the United States of America. I'd like to keep it that way.
Indeed. It's not that America's nuclear arsenal is so dangerous--it isn't. It's that the nukes and the knowledge to build them (especially the knowledge) would be dangerous to an unfortunate degree in the wrong hands. The world already has enough terrors. Far more than you imply, incidentally. I can think of nearly a dozen worse things than America's weapons of mass destruction. Near the top of the list would be the arsenals (nuclear, chemical, AND biological) of a range of countries. Or perhaps even worse, the possability of the emergence (either through random mutation or careful manipulation) of an air-borne retrovirus (what happens if you take a disease that is as hard to cure as AIDS, kills as fast as Ebola, and spreads like the common cold?). No, the world has enough worries without more nukes in more hands. Of course, one of those worries (and a very serious one) is infringements on free speach and privacy, such as this latest assault by the DoE. Nothing is ever easy.
At least they warned you... (Score:2)
They own the equipment, they own the network, they even "own" your time at work. You can't say that you can't do your work because it might be monitored - so what, if you're doing work it doesn't matter.
What about personal stuff, right? Well, if you don't want it monitored... don't do it on their system. It's as simple as that.
Of course, IANAL and your mileage may vary.
recording keystrokes=password snooping (Score:2)
It seems unreasonable to give any corporation or government agency the ability to steal the passwords to other networks. Controling mail spools and data flows is one thing, but stealing keystrokes and passwords undermines every site's security. If the government or corporation wants to restrict employee access to another network they can do that by disallowing connections. But allowing keystrokes to be recorded which in turn allows the company or the government to compromise the other network looks like cracking and entrapment to me.
Legal but..... (Score:2)
They can even fire you for it in some cases. There are some cases where they cannot use the information against you. When discussing job benefits, working conditions, union organizing, or something along that line. Also, if you are speaking out against discrimination. Another is if you have filed a complaint of law, and the law prohibits retalition, and then they monitor you because you filed a complaint, then that is another form of retaliation (increased scrutiny, see the EEOC guidelines [eeoc.gov]).
Re:The real giggler... (Score:2)
I always liked, "All you need to do to be connected to the Internet is download our free software at Click&Go.com."
I chose "Click&Go.com" because my other favorite is, "Just click on www.youneedtotypethis.com."
Re:Fully legal (Score:2)
So if your employer has a good enough reason?, he can even search your home computer.
If you want to avoid having your email searched at work or home, get several anonymous remailer accounts eg HotMail. Be sure to log out every time you use it. Use one account for mainly newsletters, the other for personal mail. If they note you have a HotMail account give them the account with the newsletters
Re:Fully legal (Score:2)
No one, least of all me, likes the government or the employer looking over your shoulder... but when the government is the employer and you are using government resources time and bandwidth... its better to use the resources, time and bandwidth for the reasons you are there in the first place.
If you bring home a dog that bites you can't complain when it bites... Your acceptance of the condition is contributory to your condition.
Why is this an issue? (Score:2)
In the past, I worked for the Department of Defense for several years, both as a civil servant and a civillian contractor. Let's just say that if you think DoE is paranoid, DoD is worse. I was subjected to the same sort of warnings and disclaimers about consenting to monitoring, and consenting to allow such monitoring to be used as evidence should they investigate me for wrong doing. IANAL, but this monitoring has been in place for many years, and has been used successfully in disciplinary cases, so I have to figure that there is a legal basis for it.
To me, knowing that "big brother" was watching didn't really bother me. I can see that they have interests to protect, and I was not doing anything unauthorized. I have since left the government scene for the corporate world, and it seems to me that the biggest difference in monitoring between the two is that at least the government makes sure you know you are being watched. I see just as much monitoring in the enterprise, only it's done much more surreptitiously. My question is, is it really an invasion of privacy for my employer to keep track of what I do on his/her computers and office equipment inside his/her office space during hours when I am on his/her payroll?
Re:Government Cheese (Score:2)
>would be dangerous to an unfortunate degree in the wrong hands.
??? The USA has internationally _earned_ itself the nickname "rogue superpower", it stockpiles (and frequently uses) weapons of mass destruction and weapons of indiscriminant destruction, it has one of the worst records of initiating force in other countries, undermining democracies, propping up dictatorships with force, and worse, and you talk of "the wrong hands"?!?!
Presumably by "dangerious
When a US General (among many others) states that the reality of the US nuclear stockpile is that it is a miracle that an accidental launch has not _already_ occured, you might begin to see why countries object to weapons stockpiling.
While the US can pretend to its citizens that it is somehow different from Iraq, its own actions frequently force the rest of the world to remain unconvinced.
And I bet you'd think Iraq was "the wrong hands".
Re:Fully legal (Score:2)
Thoreau (Score:2)
--Henry David Thoreau
---
$ su
who are you?
$ whoami
whoami: no login associated with uid 1010.
Appearing soon on a Redhat machine near you (Score:3)
/etc/motd. The script claims it gives you a
better chance of intruders being prosecuted.
Monitoring, Sysadminning, Ethics (Score:3)
Carnegie Mellon University, where I used to work, has the following disclaimer at login:
I think this is for two reasons: one--to make any evidence they find against crackers more legally clear. two--to cover their asses in the case that they accidentally read someone's email (or the equivalent) doing system maintenance.
It's important to remember that if you're in any sort of shared environment, your sysadmin can very easily read every byte in the system, follow every bit thrown out the pipe, and etc. What's important is that ethical sysadmins don't use this power for evil. :)
No really--I'm serious. As a sysadmin, and a BBS sysop before that, I've had the power to do things like read users' email for a long time. I feel that I have an ethical responsibility akin to those a doctor or lawyer has with respect to confidentiality. I will not pry--but even if I do, I have no right to make public things that I learn. This is most important when doing routine things like backups or looking for files which are taking up too much space, or fixing mail spool files when there's a bad mail loop, or the like.
It's hard not to learn things about people that you shouldn't know in these cases. And as a result, I don't believe in sharing information learned in such ways with anyone at any time. I'm upset when I hear stories about sysadmins stumbling across somebody's private stash of kiddie porn and turning them in. It's true that kiddie porn is pretty damned foul--but in the interest of protecting everybody's right to "sysadmin confidentiality", I still don't think such things should be mentioned. At the very least, I'd probably say "please remove these files from the system, or I'll have to take steps against a potential DoS attack by law enforcement officials."
Anyway, my two cents. I think I'll go look up the CPSR and other like-minded groups now and see if anybody's got a sysadmin code of ethics. :)
Same where I work. (Score:3)
This is a US Government computer. This system is for the use of authorized users only. By accessing and using ths computer system you are consenting to system monitoring, including the monitoring of keystrokes. Unauthorized use of, or access to, this computer may subject you to disciplinary action and criminal prosecution
That's what everybody gets on our office machines at the Johnson Space Center. Considering the enormous mountains of paperwork that people type up every day, I would hate to be the guy who reads the key logs. ;-) Even if all they did was store the keystroke logs somewhere, it would be an enormous amount of useless data.
welcome to government service (Score:3)
As for legality, hey, man, I just work here.
depends (Score:3)
For example, we all have the moral and legal right of "Freedom of Speech", but if you take a job at McDonalds, when you are clocked in your "Freedom of Speech" goes by-by. You can not say "So what the fuck do you want on this shitty ass BigMac dicksmack" to the customer. Sure, this is prefectly legal and lawfull (in the US), but McDonalds (private company) will fire you.
If you want to be able to say "fuck" and tell the world McDonalds BigMacs are "shitty", you will have to do it on your own time. The fact is, you are working at McDonalds on your own Free will, and they hired you on their own Free will. At any time either you, or them may terminate the employement agreement. (unless you sign a contact)
Most companies do monitor, on our phone system they warn the customers and employees that the lines are tapped, I mean montior for employee spying, I mean employee montioring and training purposes. They aren't forcing me to work here, and they aren't montioring without my permission. If I did not agree to this, I would have to either 1) quite 2) not agree to it (which would probably lead to me getting fire)
I think an employeer has the right to monitor, but the company HAS to notify the employees for this before hand and tell them what they can and can't do with the system (ie. no p0rn in email or hot grits in pants during business hours, expect for on fridays)
Recently logged at NASA (Score:4)
Mars Lander Telemetry Control System
login: root
password: xxxxxxxxxxxxx
Welcome to the Mars Lander Telemetry Control System.
MOTD: Management has become aware of the unauthorized use of agency computing facilities for the distribution and use of illicit materials, which is in violation of the computer use policy. Anyone found in possession of or transmission of such materials will be prosecuted.
jpl:# cd / pr0n
jpl:# rm -rf / pr0n
^C
^X
^C
^X
^D
Re:Fully legal (Score:5)
There's always one more option, though their effectiveness may be questionable... for example:
In the wake of the spy scandal last year, the DOE implemented a mandatory random polygraph policy for all of their Los Alamos employees. Every one. Needless to say, the affected employees were rather annoyed, and they organized and threatened action (wish I could be more specific). Anyway, the DOE just recently backed down and decided to only require random polygraphs for employees who work with sensitive information. They did something about it.
And also, if you have enough money to contribute to your senator's campaign, you could always go the Congressional route. It works for contractors.
(Sorry if this appears twice, but if /. hadn't timed out, I wouldn't be pressing the submit button again.)
Re:Fully legal (Score:5)
A very important note: In the US.
But invalid in Germany. There, you cannot even perform exact recording of dialed numbers on the company PBX. The employer if recording them is obliged to erase the last n (forgot how much) digits. And recording email by the employer is absolutely out of the question.
They own it. You don't. (Score:5)
Partly this absolves systems people like me if we happen to come across your e-mail by accident (trust me on this one: I was working on a mail server yesterday and I could see the addresses EVERYONE was sending to, including some verrrry interesting domains), but also in case they have to investigate for any reason. Let's say another employee claimed you sexually harassed them in sending e-mail (let's also assume that this is serious, not just random dirty jokes, talking about the other person's anatomy for example). The company has the right to look at the victim's computer, your computer, the server, even SEARCH THROUGH DESKS looking for floppy disks on which anything relevant may have been saved. I've seen it happen.
As a systems administrator I have to install monitoring and blocking software. I can track every site you visit with your browser, stick it in a database and e-mail it to your manager by 8am Monday morning. He can see that Joe was surfing business-related sites, maybe too much, but within acceptable limitations; Mary was spending all day long at eBay; Dave was recklessly looking at p0rn on his lunch hour; and so on. As long as there's an upfront disclaimer, all such monitoring has been upheld by the courts. It doesn't even have to appear at login; you could have signed a blanket disclaimer when you were hired, and it was just one of a dozen sheets of paper you John-Hancocked and forgot about.
One employer determined that a married woman had transferred to another location in order to conduct an affair with a man there. They fired both of them, not so much for the affair, but for falsifying time sheets and so on, based on e-mails where they set up hotel rendezvous during work hours. They almost fired another woman who was the first woman's confidant in this situation because she had failed to report it.
Another employer requested printouts of all e-mail sent by an employee during his last week, as well as all outside mail sent and received by his friends in the department, in order to prevent disclosure of client trade secrets.
Another employer found that pornography was passing through the e-mail system and before any of the employees were notified, I and another individual had to check for anything illegal. If we had found anything, we were to call in the police.
When I worked on a help desk, I never knew whether my calls were being monitored silently by my boss. My internet usage at work then was via dial-up and this came to the attention of the telephony group, who reported it to my boss, and my boss then required me to justify time spent. (I was able to do so, it was mainly research.)
Bottom line: when you're at work, don't ever assume you have privacy. The employer has broad rights to monitor you for not only illegal activities, but for violations of your employment agreement, for slacking, for slandering, for sexual harassment. Some of the posts here speak of your government employment as a unique situation, but it really isn't. Out in the Real World you may, in fact, have FEWER rights to privacy than in your present situation.
----
Fully legal (Score:5)
I don't think you can much about it except for quitting (or threatening to quit over pervasive monitoring).
Kaa
Government Cheese (Score:5)
If you don't like the new disclaimer, all you can do is quit. As far as my experience goes, when working with the government, and especially when dealing with the military branches, and even more especially working with DOE, you have no rights to anything what-so-ever.
It matters not that you are doing weapons research. It matters not that you are checking an email from you girlfriend/boyfriend. When DOE is involved, the courts hardly matter. There are very few people in this country who are going to give a flying fsck about your privacy as soon as someone mentions nukes.
I'm not trying to say that this is right or moral, just the way it is. The NSA (National Security Agency) has very broad powers when it comes to protecting nuclear secrets. The secrets could be anything from warhead design to the number of gallons of water in a reactor's coolant reservoir.
Personally, I think that they should be checking into just about everything having to do with DOE's security. There is very little on this planet more dangerous that the nuclear arsenal of the United States of America. I'd like to keep it that way.
Keystroke logging at McDonalds (Score:5)
Large Fries
Large Coke
Happy Meal
Medium Chocolate Shake
Trinoo Attack on CNN
McDonald Land cookies
10 pc Chicken McNuggets
I can see how this would come in handy.