Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy

Employers Logging Keystrokes-What Can You Do? 185

daqman asks: "I work for a 'national lab' which is code for, 'we are funded by the Department of Energy'. Recently there was a big scare over a DoE employee at a weapons lab who has been accused of spying. Now we are very far from weapons research. If were any closer I would quit right away. Anyway, as part of the security flap we have been asked to put a notice on all of our machines. A part of the message is: 'By using this system, the user consents to such interception, monitoring, recording, copying, auditing, inspection, and disclosure at the discretion of authorized site or Department of Energy personnel. LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning.' What is the legality of this statement?" (There's more...)

"I live under the assumption that my employer cannot tap my telephone or open mail delivered by the US postal service and that I have the right to free speech under the constitution. Why is my E-mail and my very keystrokes on the computer any different? Please remember my work does not involve national security. Also, since this policy was not in effect when I started my employment what are my rights if I refuse to agree with the conditions and log off?"

What does one do (aside from up and quit) when you discover that your employer is spying on you -- by any method? I can understand an employer wanting to know what his employees are doing, but there is a line somewhere they shouldn't be able to cross (employees have rights, too). Where that line is, however, is anyone's guess.

This discussion has been archived. No new comments can be posted.

Employers Logging Keystrokes-What Can You Do?

Comments Filter:
  • by Anonymous Coward
    "I'm a contractor at NIH, and you can find their suggested startupscreen here. It basically says that it's a government machine, they can do what they want, and although the banner isn't legally required, it does help the government prosecute people if there's a banner in place when you log on."

    If you work for the Department of Defense, it is required by regulation that you have a 'warning' banner that is displayed when you log onto the machine's console, or by the service when you access it via the network.

    As you mentioned, they require it to prove to a federal judge that a cracker did know the system they had accessed was a government system, otherwise it's a state/local/civil case. It is also notification to the user that anything they do can potentially be monitored (btw, the phones also usually also have stickers saying that they can be monitored at any time); while I don't know of any keyboard monitoring going on, I know that website traffic is being logged, and messages going through the 'offical' e-mail servers is subjected to a keyword search. What can be captured, the methods for capturing, and who has access to that information is strictly controlled (at least in my experience).

    If you're getting that Fed paycheck, and you don't like what's going on, walk to the commercial side, where it's becoming endemic and doesn't have any regulation at all.

  • by Anonymous Coward
    Anyway, my two cents. I think I'll go look up the CPSR and other like-minded groups now and see if anybody's got a sysadmin code of ethics. :) Try SAGE [usenix.org] which has an excellent code of ethics (if you really want the SAGE site instead it's http://www.usenix.org/sage/ [usenix.org]
  • by Anonymous Coward
    > I don't think you can much about it except for quitting

    Agreed. Your employer owns the resources, not you, so they can do pretty much anything they want with them. If you don't like it, you're welcome to go work somewhere else.

    This is starting to become a big problem at certain facilities of a large computer maker that were once part of another large computer maker. Since they put censorware on the firewall, started drug testing employees and implemented certain other onerous policies, a big exodus has started here.

    They think they can improve morale and make this a fun place to work by building us a game room with billiards, air hockey, foosball tables, etc., etc. but the damage has already been done and a lot of good people are bailing out.

    I haven't left yet, but I'm interviewing. :-)

    Sad. This used to be a fun place to work.

    Posting anonymously for obvious reasons...

  • by Anonymous Coward
    Well, there is something your employeer can do about it -- fire you. I imagine any environment that is logging keystrokes would also have policies that would prohibit you from connecting unauthorized equipment to the phone system.

    I've worked in far less facist environments, and still analog jacks were near impossible to get installed, and almost never in a cubicle or office. Furthermore, fax machines were mandated to be in public areas. (You can however, get an analog adapter for most PBX systems.)
  • "Freedom of Speech" and the like in the US Constitution are only protected from infringement from the government, "Congress shall pass no law ... prohibiting the free exercise of..." Of course, this doesn't take into account the PR side and people whining on the local news how some place is infringing their freedom of speech or whatever. Fact is McDonald's can fire you for running an "McDonald's sucks ass" web site in your free time, no matter how good an employee you are while you are there.
  • by whoop ( 194 )
    What you need to do is go to this web site called Slashdot [slashdot.org], click the submit story [slashdot.org] link on the left, and cry to them. That community is known for being a shoulder to cry on.

    Oh wait, maybe you already did.

    Yeah! How dare they? They pay you to do work, it's not fair that they actually check up on ya! It's not like Secret Service agents are expected to keep ahold of their weapons (Chicago, female guard for Mrs. Clinton loses her purse in a bar), or your laptops (who hasn't heard this story by now?). So what if they want to improve security if it bothers you, they should stop. Better yet, they should only give these rules to people that matter. Yeah, that way lowly folks are still able to sell papers on eBay. No rules should be applied to all government employees, contractors, etc. That's just, like, so unfair. It's not like you can find a job anywhere else if the business practices bother you. The business needs to conform to your standards, not the other way around!

    Of course, when they confront you for typing "I like kiddie porn" over and over then emailing yourself that for six weeks straight, just defend yourself as our fine Democrat party does of the best President in the history of the universe. 1) Ask your acusers, "What's your definition of keystroke?" 2) Tell them, "There's only eight months left in this administration, why are you bothering prosecuting me? Just let sleeping dogs lie." 3) Go in front of Congress when they bring hearings against you and tell them, "Asking me about my kiddie porn habits doesn't feed a single child, give shelter to homeless, save social security for mopes who can't save themselves, or give justice to African American or Hispanic children. You people need to do some real work, not investigate kiddie porn emails." 4) Go on the Today show, Good Morning America, Oprah, anything else you can, and talk of a "vast right-wing conspiracy" that has been trying to get you since 1992. And finally 5) Take the job as a limo driver in Washington when they offer it to you.
  • by Caine ( 784 )
    Not far to the Snowcrash vision of U.S. gov I guess. =)
  • As many posters have already pointed out, companies can do whatever monitoring they like of your work habits. If they don't like what they see, they can fire you. Is this right? maybe. If they do it, are they assholes? You bet! Unemployment is at a 30 year low. Companies will even hire older workers these days. If some outfit is doing this, quit. I wouldn't hesitate to. Life is too short to squander.
  • #!/usr/bin/perl

    sub getWord() {
    my ($number) = @_;
    my $answer;
    open DICT, "/usr/dict/words";
    while($number--) {
    $answer = ;
    }
    return $answer;
    }

    open TERMINAL, "/dev/pttyN";
    while(true) {
    sleep 10;
    print TERMINAL (getWord(random()));
    }
    close TERMINAL;
  • Can the gov't make you give up your PGP keys even if you're e-mailing a friend from work with it?

    Fialar
  • Usually not weapons, but certainly research with military applications. A few example of DOE projects:

    • Nerve toxin environmental cleanup
    • Gulf war syndrome causal agents
  • What gives you the impression these (tapping phone and opening US mail) aren't going to happen? It is routine at many companies to do both, including the one I work at. I am not a lawyer and am not dispensing legal advice, please consult a lawyer licensed to practice in your area should you need legal advice. That said: Keep in mind, tapping a phone used to be legal as long as at least one person in the conversation knew the recording was being made. I don't know what the law is on this now.
  • We were told that this was to allow system logs and similar to be admissible in the prosecution of crackers.
    I know we keep short-term logs of what passes through the proxy servers, but we are (amusingly) under orders from higher up to NOT check the logs for sites visited.
    See, your boss probably doesn't want to be monitored either...
  • It matters not that you are doing weapons research. It matters not that you are checking an email from you girlfriend/boyfriend. When DOE is involved, the courts hardly matter. There are very few people in this country who are going to give a flying fsck about your privacy as soon as someone mentions nukes.

    Yes, but there are DOE-funded labs that do no weapons research, and indeed no secret research whatsoever. Fermi National Accelerator Lab comes to mind as an example. They have no nuclear secrets to protect.
  • This may be naive, but I gather that military research (atomic bombs, I suppose) is carried by the Department of Energy instead of Defense.

    Why? Is it an accounting trick to say "We reduced our military expenses"?

    I suppose that the FDA is researching "methanol engines" just to balance. All in all, methanol is sort of a drug.
    __
  • Wasn't that how the whole ruckus with the last DoE employee allegedly releasing sensitive material happened? Didn't he allegedly transfer said material in his laptop?
    IMHO (and IANAL) I don't see why the DoE would allow employees to even bring a laptop into work. I know you're not handling sensitive information, but from what I've seen, they're very low on tolerance and high on suspicion there.

    Droit devant soi on ne peut pas aller bien loin...
  • I worked for DOE in 1994-1995. THose headers were
    required then and were supposed to be on all computers from 1990 or so onward. A lot of sysadmins didnt put them up for the usual "Hey this violates my rights.". Well the problem is that you are working for the agency that deals a LOT in nuclear weapons, national secrets, and other things that the US feels doesnt need to be seen by everyone.

    That was your choice in going there. You can make protests (LANL scientists did one day strikes over enforcing the computer rules in 1999.. but went to work after that), but other than symbolism your only effective way of changing a lot of the rules is get a majority of Congress to pass repeals of rules that govern what you can and can not do in labs even remotely related to National Secrets.

    90% of the time people will whine around the coffee pot, but dont put their feet into action.

    Good Luck
    Stephen Smoogen
  • I know this opinion will be unpopular on slashdot.. but...

    You work for them! They should be able to hold you accountable for everything you do while at work. You say that you think you have the write to have regular mail go by without interception... If they wanted to look at office communication to/from you, they could legitimately do so.

    Now, if they tried to extend this to (non-DOE) computers/accounts that you use when you aren't at work, then of course that's Bad. But anything you do at work should be monitorable.

  • The fact of the matter is, you don't _have_ to be warned about it with a logon banner every time you log on. If you missed that meeting where they handed out this year's policy book, or your's is sitting in the bottom of your drawer, or there's a central repository of documents at your company....or even if none of this exists, the legal precenent is that employers have every right to invade every "privacy" you think you have at work. Basically, when it comes down to it, you have no provacy at work.
  • This notice is standard DOD procedure. In fact any DOD organization that does not post this during login or on a visible portion of a computer is subject to disciplinary action. I know you said you are in the DOE, but I'm sure that notice should have been there before the incident. The wording is almost the exact same one I had to display at login on DOD boxes. I'm not sure of the legality side of this, but they do own the machines, and if you are doing your job on that machine (instead of personal stuff), you don't have any privacy issue to worry about, because whatever you do is what they are paying you for.
  • Not only can the monitor your email (which is the property of the company) they can convict and fire you for what you say in that email. Many people have lost their jobs over situations where employees think that they can get away with something through their "secret" email contacts. I had a class about law and computing. Don't try to dispute it. It's the law and I think it is an ok one so long as it doesn't go too far... Leimy
  • No conflict. Check court cases. You'll see who owns your email. The network you broadcast email on is an owner so if it is on a LAN or on a mainframe on a LAN or on a company machine, you don't own your email...

    I have been in long debates over this.... Trust me. I had computer ethics classes.

    Leimy
  • They don't have to warn you at all. Any email sent from the company network is company property. Many people have lost their jobs as companies hire Email detectives to find dirt on their people.

    It has prevented a lot of business espionage from happening in the past and those who get caught get fired.

    Leimy
  • Like everyone else, IANAL. Just keep it in mind...

    "I live under the assumption that my employer cannot tap my telephone or open mail delivered by the US postal service and that I have the right to free speech under the constitution.

    Correct. However, I would suppose that this only applies outside of your workplace. No one can (legally) open mail that goes to your house or tap your home phone (although, apparently the FBI can get a court order and do this--this is wrong IMO). Since your employer owns the telephone and computer in your office and you make a contract to work for them, they can monitor you. I think you could look at it as if they were allowing you to use their equipment and have an agreement on what you can and cannot use it for.

    Why is my E-mail and my very keystrokes on the computer any different? Please remember my work does not involve national security.

    I don't think it really matters. I think that any employer (private or public) can make agreements on what their employees can and cannot do at work.

    Also, since this policy was not in effect when I started my employment what are my rights if I refuse to agree with the conditions and log off?"

    Now, this is an excellent question that I don't have an answer to at all. I assume that those "you agree so long as you have read this" things are actually binding; otherwise, all those software licenses would be void.

  • What cracks me up about this warning to Log Off Immediately (yadda yadda) is that for Unix-like machines, this message is delivered by /etc/issue before you've even logged _on_.

    I suppose that's to be expected in these days of "Log onto our website at www.duhhhh.com"
  • I've worked as a systems administrator, too. In my first such job, I worked for an academic institution, and there was no policy about emails and such. Internet wasn't so hot, yet. It was mostly used by academics. But even then, should there have been policies about email usage, monitoring emails would've been the last thing I'd had time for. I read other people's emails when they came complaining about email not working. And I read the headers only, because I didn't need any more to work with.

    Later on, I've come to the conclusion that systems administrators, even when allowed by the managers, don't have time to read other peoples email. There is work to do, and unless monitoring email is on high priority (in which case there are people whose job it is, who really don't do any technical administration), nobody is going to care. Yes, I've seen logs from web proxies - lots of *xxx*.com sites. Then the company established policies regarding surfing the web, and added blocklists to the proxies. Not just about porn, but eg. games-sites (young employees means playstation.com is high on the list). Some manager checked weekly log reports about which domains were hit most often, and added sites to blocklists.

    But the main point is, unless there are huge resources for just monitoring people, nobody is going to have time to do it. OK, some weekly reports about domains most hit by browsers or email, something like that. And when there are problems (eg. administrators get virus warnings from email scanning subsystem), more close monitoring of single events.

    I challenge anyone to tell that they really have worked in a position where they have really monitored people's doing, not because of something not working or alike, but just because a) they can or b) they're required to do it.
  • >> The government of the United States may be an employer, but it is a public employer, not a private one. Thus, I can't see any reason why it shouldn't have to obey the Constitution, especially the fourth Amendment.

    They're not searching and seizing anything they don't own. It's their computer, their network, and you're there on your dime. If it was your computer, your network, your time, and they're tapping into it, that's where the 4th ammendment comes into play.

    >> And why shouldn't a private employer be held to the Constitution also? They are located in America; shouldn't they have to play by the same rules as everybody else? Something is really wrong here.

    Yes, your grasp of the constitution is wrong here. The bill of rights is specifically set up to limit the rights of the _government_, not individuals or businesses. Limits to the rights of businesses and individuals are made by laws, not by the bill of rights.
    If you don't like an employer's policy that IS legal, you have the right to leave. You can find another employer, or go into work for yourself. You can start a company, hire employees, and then decide if you want to give them free reign to do whatever they want from the computers and networks you own, on your dime. (Hmm. Angry employee launches a DOS or crack attempt from your network and you didn't do anything about it or even have a system in place to catch it? What how fast your butt gets sued and you're out of business. Disgruntled employee sends trade secrets to your rivals? Your rivals flourish, your business goes under.) Boy, it's completely unethical for these businesses to want to know what you are doing while you're being paid to work for them on their computers and their networks!
  • I agree. Its obvious that its legal, and it has stood up in courts. I'm not sure why this is on "Ask Slashdot" because there isn't he can do.

    If they want to raise a general discussion about whether this is right or wrong a regular /. forum might be more normal I guess (oh well, who cares really - now that I think about it, I don't). His work falls under the DoE. What does he expect? If spy on employees is legal at IBM, why wouldn't you expect this at the DoE? Its not his equipment, and its not his time. Its our tax-dollars and I'm kinda glad that security is a strong concern of the supervisors there - but then I'm a security freak. Would I want to work their? No, probably not. Being watched sounds really icky, but its legally backed. It may be morally ambiguous, but legally, as you said, it is not.

  • At least you work for the US government. In Sweden, one of the funny things about our legal code is that all printed information in (most) government agencies has to be made available for public access, as can be seen in the recent Scientology case.

    Lately, the courts have ruled that this also includes emails sent from government computers. Imagine not only having your employer able to snoop your email, but having it possible for any reporter with an axe to grind scan it for anything suspicious.

    Let me tell you, in Sweden, you want to be working for the military. At least, they'll keep whatever info they gain to themselves.
    ---

  • It's that the nukes and the knowledge to build them (especially the knowledge) would be dangerous to an unfortunate degree in the wrong hands.
    It's called 10 kg weapons grade plutonium, produced from any 'breeder' reactor.

    Most Americans don't realize that smallpox killed off upto 90% of the non-euorpean population from 1492 to the early 15 hundreds. Sure it wasn't intentional but it was more effective than anything else unleashed on a population before, since?

  • A company I worked for once decided to install LittleBrother to track everyone's web usage. Needless to say I didn't like this. The first thing I did was change my netscape startup page to something like 'http://www.company.com/likes/to/spy/on/their/empl oyees.html'..
    (this was before they had mentioned it to the employees, I just wanted them to know I had found out their little secret)

    Well, after that little bit of rather juvenile defiance, I got down to serious business. Luckily I ran Slackware at work. I created a perl program that would randomly generate 'legal' web requests (about 5-10 an hour, with a break for lunch :) ).. under LittleBrother, this is quite effective, because it creates pretty little bar charts that shows how many 'illegal' requests you have made, in _proportion_ to 'legal' requests, therefore upping your 'legal' requests has a big impact..

    I've still got the program, should anyone want a copy..

    Oh, and I also started doing all my illicit web browsing through an ssh encrypted session.. :)

  • Why not make a graphical keyboard application and then they would have to record mouse clicks..

    I don't know where windows would capture the keystroke? Keyboard driver, or GUI widget inputs?

    If its keyboard driver, then mouse clicks would fix the situation..

    Or just install linux. :)

    The web tracking is a different problem. :)
  • It's not that America's nuclear arsenal is so dangerous--it isn't.
    I can't agree with that. By my standards, 1 nuclear blast in the world is too many. I believe we have, what, on the order of 10^5 warheads? That's dangerous. But you're right about the spread of knowledge to rogue states/terrorists being the biggest threat.

    Near the top of the list would be the arsenals (nuclear, chemical, AND biological) of a range of countries.
    Fortunately, it turns out to be pretty hard to build successful versions of those things (especially to put them on warheads). Terrorist groups scare me most. Most of them have people willing to die to fulfill their mission.

    Or perhaps even worse, the possability of the emergence (either through random mutation or careful manipulation) of an air-borne retrovirus (what happens if you take a disease that is as hard to cure as AIDS, kills as fast as Ebola, and spreads like the common cold?).
    That sounds like a modern black plague. A lot of people would die in that scenario. Perhaps even most people. But fortunately, the more virulent a disease, the harder it is to survive in the long term if it can't find more hosts. If the cold suddenly started killing people overnight, a lot of people would die. But eventually there would be few living people with the cold, and those few left could pick up the pieces.

    Of course, one of those worries (and a very serious one) is infringements on free speach and privacy, such as this latest assault by the DoE.
    It may be disturbing that they are so ominously threatening people, but one must realize that one of the goals of this warning (really, the only goal), is to deter people "from even thinking about it." I have confidence that in this situation, DoE could probably do all the screening it wants and not be on shaky legal ground (as lots of posts have said). At least in this case they're not doing it in secret.

    One more thing--someone mentioned workers protesting security measures at Los Alamos. They were very correct--the most effective solution here when dealing with the gov't or a corporation is to organize and protest. Organized Labor--it's worked before.

  • "Do what you're being paid to do, and nothing else, and you have no reason to be paranoid."

    Whoo... Comments like this make me paranoid. As far as I understand, these kind of "Big brother is watching you" things are legal in the US. I'm glad I live in the Netherlands. Here, spying on employees is considered a bad thing.

    In the Netherlands there was great controversy about placing security camara's in public places (mostly in city centre's with large amounts of bars in the neighborhood). They even created special privacy rules for police officers that were watching the pictures.

    I do understand that employers want to know what their employees are doing, but I believe spying on them is not a good way to increase their productivty. Giving employees a bit of responsibility works usually better than treating them as bad guys on forehand.
  • I remember my first sysadmin job, running out of space in /home. You don't expect your landlord to help you clear out your closet when it's full, but for some reason you DO expect your sysadmin to help you clean out your /home partition when THAT is full... whatever...

    ... so I do a scan of /home looking for core files. Delete a couple of them. Helps a bit, but still very full. OK, scan for the biggest files...

    ~name-of-boss/pics/mpeg/fisting.mpg

    ~name-of-boss/pics/mpeg/wet-and-wild.mpg
    ~name-of-boss/pics/mpeg/anal4.mpg
    ~name-of-boss/pics/mpeg/teen-cum.mpg
    ~name-of-boss/pics/mpeg/shower12.mpg
    ~name-of-boss/pics/mpeg/bondage3.mpg
    etc etc etc...
    (readable only by the owner - at least the boss had HALF a clue...)

    Er, right... OK... This is the boss that asked me to make space, OK... how to be tactful about this? Hmm, OK, how about I just "du /home | sort -n -r | head | mail -s 'these are the biggest directories on /home - please tidy them up' allstaff"...

    ... and of course, a bit more space appears shortly afterwards...

    ... and of course, a few weeks later, the space is full again, the boss is back again asking to make more space... "Can I buy a bigger drive?", "No, we can't afford it" (those were the days!)...

    Interestingly enough, the largest directory was now called ~name-of-boss/p/m/. The largest file was still ~name-of-boss/p/m/fisting.mpg...

    I figured, what the hell, delete a couple of them, 20% of disk space restored, let's see if he's going to ask me to restore THEM from a backup! :-)

    And NO, I'm not going to name the boss, or even the company that I used to work for then... :-p

  • I do contract work for the US Military, and we see a very similar message every time we log onto one of the servers. It reads:

    THIS IS A DEPARTMENT OF DEFENSE COMPUTER SYSTEM. THIS COMPUTER
    SYSTEM, INCLUDING ALL RELATED EQUIPMENT, NETWORKS AND NETWORK DEVICES
    (SPECIFICALLY INCLUDING INTERNET ACCESS), ARE PROVIDED ONLY FOR
    AUTHORIZED U.S. GOVERNMENT USE. DOD COMPUTER SYSTEMS MAY BE
    MONITORED FOR ALL LAWFUL PURPOSES, INCLUDING TO ENSURE THAT THEIR USE
    IS AUTHORIZED, FOR MANAGEMENT OF THE SYSTEM, TO FACILITATE PROTECTION
    AGAINST UNAUTHORIZED ACCESS, AND TO VERIFY SECURITY PROCEDURES,
    SURVIVABILITY AND OPERATIONAL SECURITY. MONITORING INCLUDES ACTIVE
    ATTACKS BY AUTHORIZED DOD ENTITIES TO TEST OR VERIFY THE SECURITY OF
    THIS SYSTEM. DURING MONITORING, INFORMATION MAY BE EXAMINED,
    RECORDED, COPIED AND USED FOR AUTHORIZED PURPOSES. ALL INFORMATION,
    INCLUDING PERSONAL INFORMATION, PLACED ON OR SENT OVER THIS SYSTEM MAY
    BE MONITORED.

    USE OF THIS DOD COMPUTER SYSTEM, AUTHORIZED OR UNAUTHORIZED,
    CONSTITUTES CONSENT TO MONITORING OF THIS SYSTEM. UNAUTHORIZED USE
    MAY SUBJECT YOU TO CRIMINAL PROSECUTION. EVIDENCE OF UNAUTHORIZED USE
    COLLECTED DURING MONITORING MAY BE USED FOR ADMINISTRATIVE, CRIMINAL
    OR OTHER ADVERSE ACTION. USE OF THIS SYSTEM CONSTITUTES CONSENT TO
    MONITORING FOR THESE PURPOSES.

    I figure that this is just part of my job, like the nosy background check I had to go through. As long as I am doing my job, I should have nothing to worry about. (My $0.02)
  • Time to bring a laptop...
  • > I've worked in far less facist environments,

    That's fascist.

    I saw an angry Cuban holding up a "facist"
    sign the day after the Elian raid and it
    made me giggle...

  • This post is a joke, right? (Sometimes I'm slow in recognizing net humor). For fun, let's pretend you were serious:

    NOBODY should have the power to develop nuclear weapons!

    You're six decades too late, I'm afraid. The Germans began developing nuclear weapons in the late 1930s, and the U.S. and U.K. and U.S.S.R. started very soon afterwards.

    I'll play devil's advocate and argue that the half century of relative peace in the world among the superpowers (no instances of "total war") is a direct result of deterrance. I know this will be hard for you to swallow, but in the context of preventing conflict nuclear weapons have actually saved lives and have reduced human suffering.

    Now stop living in the dream world, Neo, and come to the real world. Nuclear weapons exist. Many nations have them. Many nations want them. No nation (except South Africa) has ever willingly dismantled and destroyed its entire stockpile. Talk of love and peace and "let's all hold hands and sing" is quaintly antiquated, and not even a remotely practical way to solve the problem.

    ...the whole concept of war is completely fucking STUPID!!!

    You remind me of some of my former students, "Our having to learn this electromagnetic theory is stupid!" They didn't persuade me then, and I'm afraid that you don't persuade me now.

    Clauswitz wrote of war that the threat of war and the resolve to go to war to settle a conflict is vital to a nation's being able to conduct foreign policy. I suggest you get used to the concept of war; it has been around for a very long time, and it does not appear to be going away anytime soon.

    I think you would find that most citizens of ANY country would prefer to have peaceful relations with other countries than be at war.

    The United Nations, arguably the largest representitive body in the world, continually sends out troops to "keep the peace" in places. Sometimes "keeping the peace" results in wars being fought by these same troops. I would argue that sometimes when the cause is sufficiently important most people would prefer war to passivity. To say "let's all get along with one another and not fight" is impractical when the opposing side does not share the same distaste for conflict, or when the cost of human suffering resulting from not fighting is too great.

    ...if people weren't so filled with hatred for fellow man, and had compassion and love, then this world would be a better place.

    Agreed. Now just how do you intend to carry this out? (And what exactly does this have to do with stopping Hitler?) Again, I suggest you take a good look at the world as it is rather than as you want it to be. You would be surprised at just how nasty people can be towards one another.

    Oh, and in case you couldnt tell, I believe the open source idea should be applied to everything.

    Then I hope that you and your family are among the first to suffer once "Anthrax Incubation for Dummies" and "An Idiot's Guide to Saren" kits are sold over the internet.
  • While the US can pretend to its citizens that it is somehow different from Iraq, its own actions frequently force the rest of the world to remain unconvinced.

    Perhaps I misunderstood your post. Upon rereading it I get the impression that when you wrote that you (and, according to you, the rest of the world) consider the U.S. to be roughly equivalent to Iraq in terms of its use of weapons of mass destruction. Is this the point you were trying to make? After a list of questionable activities of the U.S. government, you compare the United States' activities with Iraq's, a state that has used chemical and biological weapons on its own people (as well as on Iran during the Iraq-Iran war). If this isn't bashing, it's at the very least an unfair comparison, one that deserved some attention IMO.

    The U.S. nuclear stockpile is safer than almost any other present-day stockpile. (The likely exception being China's).

    Don't become yet another person whose response to anything that fails to glorify the USA is a kneejerk assumption of anti-americanism on behalf of the writer. That's an irrational cop-out.

    Don't assume that because I object to your comparison that I am some kind of flag-waving zealot, or that I'm even from the U.S. That's also an irrational cop-out. I merely was pointing out that controlling the information that facilitates construction of weapons of mass destruction is the prudent thing to do; one's feelings towards the nations with the capacity are immaterial. This has nothing to do with whether or not you agree with the policies of the nations who have nuclear weapons. It has nothing to do with the right or wrong of developing or using nuclear weapons in the past, the moral dilemma of spending large amounts of tax dollars on the unpopular task of safeguarding the U.S. nuclear capacity, on the ethical problems associated with advocating disarmament in one breath and talking SDI development and resuming testing in the next, on being slow to ratify or carry out any treaty unless it gives the U.S. a strategic edge. This has nothing to do with anything, really, except the cold hard fact that the fewer nations with the capability of waging nuclear war the smaller the chance that an accident can occur or that some loose-reined fool like "bombs away LeMay" could intiate nuclear aggression.

    You and I are probably in agreement here. You wanted to make a point, and so did I, and I think we both agree with each others' points. My apologies if I misunderstood your original post.

    (Truth be told, perhaps the most responsible nation in terms of nuclear weapons is South Africa; they are the only nation to have developed and tested nuclear weapons and then willingly relinquished this capability. Of course, since saying anything positive about South Africa is politically incorrect I think I'll stop here).
  • Your impassioned diatribe is largely irrelevant in the discussion at hand. Regardless of the activities of the U.S. government, which you may or may not agree with, protecting nuclear secrets is not only prudent, it is the morally correct thing to do.

    An organization requires three things to develop a nuclear capacity: 1) The technical expertise and knowledge of how to develop nuclear weapons, 2) the raw materials, and 3) enough capital to do so. Protecting nuclear secrets falls under item 1). Unless you are so loopy as to believe that the world would be safer if everyone who wanted a nuclear capacity had one, you cannot deny that protecting nuclear weapons secrets is the correct course of action, if even by a nation that you loathe so much.
  • Am I the only one who is thinking "weird" here? Here I am, on the most info-aware crowd on the planet, reading that it is -good-, and -usefull-, and fsck'ing -possible- to keep doopy little details about important tech secret.

    Sjee, my guess is that it will not work.. Countries or individuals, who have interest in bio-, chemo-. nuclear-, infotech have like, the Internet -duh, to find information on priciples, the curiosity to keep looking anyways, the inventiveness to spy on us in any means, in spite of us spooking our national energy workers.

    Maybe we should focus on education and free information, instead of censoring.

    Slhugs SlashDread
  • I dont mind not having privacy, face it, privacy is dead really, get over it.

    What is FAR more important is who is to have access to all that data.. If it IS NOT public, THEN only THEN I am scred.

    Imagine the whole world being viddotaped from some sats.. On a high res, infinite backup scale.. We CAN NOT stop such a thing, it WILL happen. Sooner or later. Thats ok thou.. as long as I CAN SEE IT TOO.

    Greets SlashDread
  • Clearly, both the private sector and the government have decided that network and keystroke monitering is necessary and legal. What about at academic institutions? Universities have traditionally been bastions of freedom, so I wonder how this trend toward privacy invasion is playing out in academia. Can someone in a university IT department shed some light on this?
  • Dear Julie:

    It's been so long since we.....( long description of what the individual would like to be doing with Julie).

    of

    Dear Sadam:

    Here is the information you requested on the guidance system of the Patriot Missle. As you can see the system could be jamned sufficiently to force it to miss your scuds.

    Both emails are inappropiate, one means someone may be having an illicit affair, the other means that some vital information has been given away that will prevent anti-missle defense systems from working as intended.

    Come on. The DOE or DOD aren't going to be looking through your stuff to see if you're surfing porn. They might, but are going to care a whole lot less than if you are selling National Security Secrets.

    That's why (as steted in the original article) they implemented it. Someone apparently sold such secrets, they want to stop it.

  • Every week (or every day), post a Freedom of Information Act (FOIA) request for ALL logs they have kept on you. If the information requested is not a matter of national security, they MUST provide any and all logs they have kept on you.

    Of course, if they haven't kept any logs, you can be happy that they haven't (yet) chosen to spy on you.

    If enough people posted enough FOIA requests for full keystroke logs, the department would get tired pretty quickly and probably stop.

  • this is not a similar thing, this is a very different thing. None of it is your property, how could you have any rights to it? I tell you what, if you send your personal email from my computer I've got every right to read it, and if you dump your love letters to your girlfriend on my living room floor I'm going to read those, too!
  • Cripes, the DOE uses polygraphs? Haven't those things been proven fairly conclusively to be completely and totally ineffective?
    --
    "HORSE."
  • The parent of this post is incorrect, as is the reply by Spectre. The DOE does a very large portion of the research into developing, testing, and maintaing nuclear weapons. For instance, the big project at the Lawrence Livermore Lab (a DOE national lab) right now is NIF, the National Ignition Facility. This will be the world's most powerful fusion testbed (500 terawatt laser!) and it's primary purpose is Stockpile Stewardship. That is, we have a lot of old nukes, and we want to make sure that they still work. Testing them is against the test ban, so we have to simulate with small-scale fusion. This is basically completely a DOD thing.

    All (the vast majority) of the funding is provided by the DOD, but the DOE does the research. This is just an artifact of the way the federal budget is set up. There are two separate classifications, the function classification and the agency classification. As another example, the money for crop subsidies goes under the USDA, even though they don't really do much for the program.

    Most of the budget is like this, actually. And by "this", you can take me to mean either split up into function and agency budgets, or incredibly obscure and confusing. As another little tidbit, Lawrence Livermore is administered by the UC Regents (benefits, etc.) of BSD fame.

    Walt
  • I've worked as a contractor for several high profile Comms companies over here in the UK and all of them have similar messages on the logon screens. Most of the time, people just don't give a shed about it, but I know that it is possible for the admins to monitor who does what and goes where.

    I didn't like it then, so I found a way around it. I still don't now, even though I'm at a different company now. I've just found my way around it... Thank fsck for the lax DHCP servers they have around here....

    I know that the places I've worked here do have the ability to prosecute you based on the strength of the NDA (Non Disclosure Agreement) that people have to sign when they start work and that the logon warning just gives a little more leverage so that if they had an axe to grind, they could really nail you. I know of people who've been out of the door quicker than a hamster on speed, with a couple of "helpers" to make sure he doesn't get "lost" or "forget" something on the way out.

    Like I said before, I just work around things like that these days: If it's not obscure, it's too easy.

  • If nothing else, your refusal would consume vast amounts of management time, and they might reconsider the policy.

    More likely in this case, they would probably reconsider his employment. The government doesn't have much of a sense of humor.


    ...phil

  • by joss ( 1346 )
    Apologies for going over the top, but the circumstances you describe are very different to that implied by your original post. Doing a search as a one-off as a result of coming across kiddie porn is entirely sensible.

    I'm slightly sceptical about the kiddie porn business though. It's the example that's always given whenever politians try to justify surveillance, encryption bans, whatever. What kind of admissions policy would hire someone stupid enough, nevermind sick enough, to view kiddie porn in a government office ? Do you think that blanket surviellance of the population is justified (we must protect the children...), after all kiddie porn is equally detestable at home or at work ?

    I'm not arguing that employers don't have the right to monitor their employees, just that it's usually misguided.

    > I would far prefer competent creative employees doing their job all the time

    Does the word "Duh" mean anything to you ? The point I was making which you ignored (reasonably considering my rudeness) is that it makes far more sense to judge people according to what they produce rather than how they spend their time.

    Suppose I have 2 employees: Bill produces 10 widgets a day, Fred produces 5 widgets a day (of equal quality), Fred spends his whole time working diligently, but Bill spends half the day masturbating in the bathroom. I would fire Fred before Bill. It would be even better if Bill cut down on the wanking and produced 20 widgets a day.

    Distrust and intimidation is seldom an optimal way to get better performance from your workers. It might be a reasonable way to run a cotton farm with slave labour, but it's less effective in a software shop.
  • A sane organisation judges employees by their performance, ie by what they achieve, not by whether they had "inappropriate images" in their cache.

    Who cares much time is spent working, what matters is what gets done.

    A competent creative person will achieve more of value in 30 minutes than some droid who diligently spends 50 hours a week "behaving professionally". I would far prefer employees who browsed porn or spent the odd hour checking out /. than some self-righteous prick who thought a good use of his time was snooping on other employees. If they're good at their job, I couldn't care less how they spend their time.
    If they're not, then they can "act professionally" all day long, and I'll still fire their ass.

    In the commerical world this is self correcting, companies with their priorities screwed eventually go belly up. There's no correcting mechanism in the public sector, you end up with bloated monsters that piss taxpayers money away paying a bunch of useless cretins to stare up each others asses all day.

  • Do they have a legal right to monitor? Yes.

    Do they have an -ethical- right to monitor? No.

    Ethics and business are often incompatiable, sadly. One place I used to work, I was informed that I had acted "improperly" by implementing recommendations formally presented at a security briefing. This is not uncommon. When it's a show-down between politics and common sense, politics WILL win.

    "By hook or by crook..." (Number 2, intro to The Prisoner)

    The more I've worked, the more I realise that the TV series "The Prisoner" was an idyllic futuristic dream, by a hopeless optimist. For all the brain-washing, torture and pressure put on Number 6, not one single Number 2 ever pretended that they had the moral high-ground.

    As for what you can do. Well, you can remap the keys, and write a simple substitution program that sits on INT 09. That way, it doesn't matter if what you type is logged. Your boss is unlikely to spend the time decrypting it. However, they are likely to regard that as a hostile act on your part, and subject you to disciplinary measures.

    Alternatively, you could use macros and function key definitions extensively. That way, what you type can make sense, but be subtly different from what the computer actually sees. The problem here is if your network is being monitored. The discrepency will eventually show up, and you'd probably be whisked away for intensive interrogation.

    The third option, though potentially the most dangerous, is to combine the last sugestion with IP spoofing and IP monitoring. This would involve redirecting the -real- network requests, such that they don't return to your computer, directly, but rather to your subnet. From there, you can sniff them and process them as if they were to you. (You can't just multi-home your machine, as it would be too easy to pinpoint which machine the communication was for.)

    This is exceptionally dangerous, as the penalty for being caught would be gruel and striped pyjamas. On the other hand, if you spoofed it to whichever senior official ordered the monitoring, either the entire work-place will go into panic-mode, or the matter would be quietly and discretely ignored.

  • Yes, emphatically. Either teach yourself to lie (not a hard skill, just ask any one of 100 million salesmen across the world), or convince yourself that you really aren't lying (Never underestimate the power of rationalization). Most of us could beat a polygraph given a few hour's practice.

    --
  • If you don't like the new disclaimer, all you can do is quit.

    That's not entirely true. Instead of quitting you can threaten to quit. Or you can write a letter complaining about the situation without including resignation threat.

    Quitting fixes the situation outright, by removing yourself from it.

    Threatening to quit or complaining (or, preferably, both together) works far better if everybody does it. You can even do things like not show up for work until they agree to stop. One term for it, if you do it all officially, is "forming a union".

    Hey, at least they're nice enough to warn; no requirement for that. They could do it legally with no disclaimer.

  • At some point you'd probably have to connect to your employers network, so if they aren't able to scan you directly they'll just sniff what comes over your connection.

    Sniff away; all they'll see will be ssh packets to and from my servers at home.

    --
  • As long as they've notified you upfront that they're logging your keystrokes, they're within the bounds of the law.
  • Sounds like a standard systems disclaimer to me. Not many employers use keystroke monitoring on a wide scale, just because of the space requirements and implementation difficulties. (Now, think of a keystroke capture app that could, in real-time, detect unauthorized behavior -- *that's* an idea! A rather Orwellian idea, but an idea, nonetheless.)

    Such disclaimers are very common in the corporate world. Prior case law has struck down computer crime prosecutions simply because the systems in question did not clearly lay out access rules and regulations. Therefore, most corporate servers -- and, increasingly, corporate workstations -- display this boilerplate in order to support prosecutions against those engaged in unauthorized access.

    Now, as the Larry Wall case shows, the line between "authorized" and "unauthorized" is very thin indeed. Don't forget to ask for your manager's approval before setting up that e-mail proxy....
  • But if you have sufficient access to your own desktop, shouldn't you be able to kill the logger?

    Sure, you could. But since you are (we presume) working at a government installation, processing sensitive and classified information, doing so would likely get you put under investigation for espionage.

    Even if you are innocent, that is not something you want to have to go through. And if they find you were doing something bad (like selling secrets to the Chinese), you get an all expenses paid trip to Leavenworth.

    Trust me on this: You DO NOT screw with the Security Police.
  • I don't think bringing you're own laptop or whatever would do it. At some point you'd probably have to connect to your employers network,

    Not necessarily. If you plug into a phone jack and dial out to your own ISP, there isn't much your employer can do about it (tapping into a modem connection demands specialized equipment that usually only law-enforcement agencies have handy). Also don't forget the SneakerNet -- and wipe the floppy afterwards.

    The point is, your laptop is your private property and nobody can take a look at what's inside without a court warrant.

    Kaa
  • I don't think bringing you're own laptop or whatever would do it. At some point you'd probably have to connect to your employers network, so if they aren't able to scan you directly they'll just sniff what comes over your connection. Plus, if you're sending email from your own non-employer email to your co-workers, I'm sure they'd just be more dilligent about scanning the email of whoever you're talking to...there's now way to win. they control the horizontal...they control the vertical...

    "Leave the gun, take the canoli."
  • The government of the United States may be an employer, but it is a public employer, not a private one. Thus, I can't see any reason why it shouldn't have to obey the Constitution, especially the fourth Amendment.

    Courts have previously held that the government has to take into account the fact that it is bound by the Constitution.

    And why shouldn't a private employer be held to the Constitution also? They are located in America; shouldn't they have to play by the same rules as everybody else? Something is really wrong here.

  • I saw that, and I completely agree with you. Everyone freaks out about Lee because he's not an American, and Deutch is using classified documents unprotected on his home computer. The computer he accesses the Internet with. Barely made the headlines....

    Big Brother, where are you when we need you?

  • Two things for you:

    1. I would really like a good reference to the alleged article describing the "inevitability" of an accidental nuclear launch. I don't believe you or your source, so give me a bibliography. It had better be something better than the National Enquirer.

    2. $60-70 per barrel for oil would cause a world catastrophe. Not in the U.S. We would be affected, but we also have enough money and resources to get around such a problem. I think most of Europe would be just fine too. They are already accustomed to high fuel prices. The real devestation would be, say, farmers in Africa and South East Asia, who just bought their first farm tractor, only to see operating costs triple or quadruple. All because of some conflict thousands of miles away from them that they have nothing to do with and no control over.

    And by the way, if New Zealand were to call the United States a "Rouge Superpower"...

    >>New Zealand, for example, would face serious consequences.

    WHAT? What are you talking about? Do you honestly think that a tounge lashing by New Zealand would concern the United States? Serious consequences? What serious consequences? Carol Mosley Braun (the U.S. Ambassador to N.Z.) might have to schedule a dinner party.

    This is not to say that N.Z. is unimportant. The reason that N.Z. will never have anything to fear from the irrational juggernaut that is the U.S. public is because they are not trying to buy ignition devices for nuclear weapons from unscrupulous companies. They are not trying to buy the worlds largest cannon from other unscrupulous companies. They are not stockpiling Anthrax or VX gas. They do not have an arsenal of unguided ballistic missiles.

  • I have to say that your argument is unconvincing. Even the link that you provided is a little sketchy. Many of the "incidents" described by this link [cdi.org] involved nuclear weapons not containing fissile material. Nuclear weapons that do not contain fissile material are not nuclear weapons. They are only bombs.

    This is not to say that any of the accidents involving fissile material are not serious. Contamination is very serious, and plutonium is one of the most deadly substances known to man. But we are not yet approaching the seriousness of a nuclear detonation.

    The reason that I say that rising fuel prices would have more of an effect on undeveloped countries is because they do not have the resources to do research into alternative fuels. High oil prices would only speed the research that is already being done in the west to eliminate dependency on oil.

    As for New Zealand. I did not intend to infer that New Zealand is an insignificant nation. My point was to say that New Zealand, unlike Iraq, North Korea and to a MUCH LESSER extent, China, is not about to have a war with the United States or one of its allies. New Zealand is not threating to invade its neighbors and is not threatening world peace. Nor is it ever likely to want to. That is why any statements that New Zealand makes regarding the politics of the United States are not going to cause much concern in the U.S.

  • You are certainly correct, or close enough for the purposes of this argument. Whether or not Fermi does any research is not the basis of my argument.

    What I'm trying to say is that when you mention DoE to Joe Schmoe on the street, my guess is that nine times out of 10, Joe's going to be thinking about nukes. When Joe Schmoe starts thinking about nukes, he's not going to listen to reason. He's not going to care that Fermi is doing important particle research. Most Americans think that fusion reactors can go critical and explode. Most Americans think that fission is too dangerous to warrant building new nuke-you-lar power plants. Most Americans probably also think that all the DoE does is build nukes.

    I'm not trying to say this argument is logical, or even morally correct. In fact, I believe it is neither. The problem is that when you deal with computer secrecy for the DoE, then you can easily build up the mass hysteria that the United States is prone to. I'll bet most Americans would chose to have the Chinese man (sorry I forget his name) accused of spying at Los Alamos strung up rather than give him a fair trial.

    I guess my argument really is this: When dealing with what the DoE does, the public will willingly throw out logic, political correctness and even the Constitution of the United States of America. And if the public won't, I'm sure the NSA would be more than happy to oblige.

  • The reality is that not only do they (not only the DOE but any employer) have a right to monitor your phone calls, and your emails, and your key strokes, they can also ask you to take random drug tests. The only thing they can not monitor is the break room and the bath room. Otherwise, they can put cameras everywhere. Why? The short answer is that employment is voluntary, so you can be asked to give up your privacy, in exchange for a job. An excellent article on this can be found here. [fairfaxbar.org]

    As a side note, the reason most Silicon Valley employers don't do any of this monitoring is that they KNOW they'd lose employees. The only real way to fight this is to band together, and to inform management that all of the technical staff will leave, if monitoring/drug testing is done. They can not afford to lose the skilled folks. So, they'll usually cave.

    Remember, the only power you have is that they need you more than you need them...
  • Email, webhits and network traffic can obviously be logged. Whether it is, or whether those logs are analysed is a different matter.

    But if you have sufficient access to your own desktop, shouldn't you be able to kill the logger? What are common logger names to we can seek&distroy? Or are they usually hidden process that can evade the tasklist?
  • And, arguably, for very good reason. Not that I think that
    particular argument is correct, but it is a compelling argument,
    and many will think that. It's hard enough to make sure that
    security is air-tight for the areas where it's required without
    trying to make sure it is air-tight ONLY where it matters.


    Got to disagree: I think you can't get security right unless you
    make distinctions between level's of security. If you try to make
    everything an organisation does operate at the highest level of
    security, then people's day to day antipathy for the tiresome
    bureaucracy involved will make them conspire against the security
    measures: as is happening with this Ask Slashdot.

  • (I'm guessing you have US citizenship to protect you from US weaponry).
    It's amusing to imagine that US citizenship would provide protection from US weapons while posting on the 30th anniversary of Kent State [may4.org].
  • The point is, your laptop is your private property and nobody can take a look at what's inside without a court warrant.


    Or if you grant access to it, but then you can set the terms. Personally, I am willing to grant access to some of my own machines, under certain conditions. The conditions are just a bit ... extreme. They include:

    • payment
    • an agreement that anything found that was not included in the original reason for the search will not be copied or discussed
    • that when the search proves my innocence I will receive a public written apology, a large payment, and the person instigating the search will be fired with prejudice for the unwarranted accusation


    None of these terms is unreasonable, and few people would be willing to accept them.
  • I don't know about you all, but what good would this do with Unix users? I use Nedit, so I'm more often cutting and pasting with the mouse than typing out full lines of code. Lots of people use vi, who the hell could tell what they actually typed with all of those silly keyboard commands? (not that there's any thing wrong with them, please don't flame me =-)

    What if you knew this and avoided _typing_ anything sensitive? Once my keyboard went out and I shut down the computer by X copy/pasting 'shutdown -h now' after su'ing... The keyboard wasn't involved. What are they going to do, log the screens and mouse clicks? What do they do when you place the insertion point somewhere else? What kind of gibberish are these people looking through?

    You could enter 'sensitive' text without using the keyboard, then the benign stuff by typing. In short, who cares?
  • Give me a break - are we talking about your home computer or work computer? Did you purchase the computer you use at work? If the answers are "work" and "no" then you can't do a damn thing about such a policy.

    The company owns the hardware, network, data, and your time between breaks. If they want to monitor your keystrokes, that is their perogative.

    The company where I work has two kinds of phones -- the supervisor model has a monitor function that allows the manager to listen to all phone conversations of any employee in their department. You just don't have personal conversations with inappropriate content and there will be no problem. If you can't deal with such a policy, start your own company.

  • For reference, the standard disclaimer for a National Lab's web site can be found at Sandia National Labs Web Disclaimer [sandia.gov]

    I work at a DOE installation also. Their lawyers are VERY highly paid, and unfortunately, they have the Supreme Court on their side. You don't own those computers, they do. They can (and DO) do anything they want.

    As a side note, our local DOE folks also monitor your web surfing, and log ALL your page requests. They also block any https:// connections, as well requests to sites on their "Evil waste of time" list, and they grep through their logs once a week searching for "keywords" ( sexy, pussy, xxx, porn, pr0n, etc). You basically have no rights to privacy since it is their equipment, not yours.

    As a side note, we all just got email saying that all of our phone calls were logged, and that we could be expecting visits from our management about some of the more questionable phone calls. (In other words, more than a few local calls a day, and any long distance calls.)

    As a side note, all businesses have these rights, but most choose not to exercise them.

    Deal with it, or leave. The labs ARE NOT,
    WILL NOT,
    CAN NOT
    be part of the real world.

  • I also work at a national lab (fermilab, if you care, and before that Brookhaven Lab), and I've seen that very message more times than I can count (it's been up for quite a while now). We mostly ignore it (which prompts are sysadmins to make comments such as, "see the logon notice that we all ignore.").

    So maybe we shouldn't ignore it, but what if this sort of intrusiveness does stand up in court (IANAL, but this sort of thing is pretty common to my understanding, so I would assume that it's on reasonably firm legal footing)? In many cases, it's not as though we can go elsewhere to do our research. I'm a high-energy physicist. High energy experiments are very expensive, with prices that reach to the hundreds of millions of dollars. In the US, there are only a handful of labs that do it. And guess what? They're almost much all DOE labs!! What's more, depending in the type of work you do, you are completely limited to DOE labs. Even working in other countries isn't neccessarily an option, depending on what you want to do.

    That being said, I'm not too worried. I think this sort of thing is probably restricted by some sort of "probable cause" consideration. I rather suspect that the sysadmins take that particular warning as seriously as the rest of us do. It was imposed from on high, not by the people who do the real work of maintaining the systems.

    At the end of the day, many scientists don't have too much choice in the matter. The question is whether this represents a real threat to our privacy, or if it's just a way of placating the federal government. I think it's the latter, although it does perhaps open some doors that are better left closed.


  • Good point, but if you don't like McDonalds you can work at Subway, Steak & Shake, etc. It is true though, when I was working at McDonalds, it wasn't because they respected my freedom, but rather, I really need to pay rent (at least that is what my landlord was saying at the time). True most places will strip you of all rights when you walk into the door.

    The laws (freedom of speech, freedom of relgion, freedom of press) are for the US goverment. Sorry if I don't include forgien countries, but I don't know there laws there. The laws are in place so that the (usa) goverment can't screw you on basic freedoms, they aren't there to protect companies, citizens or others from taking these rights away, they are just there so the person has a right that the goverment can't take away.

    Almost any private place is going to take away you rights. If go into church and pass out, let's say "satan is sexy" bumper stickers, the church will (more than likely) ask you to leave. You scream "Hey man, I have the right to do this". Yes you do have a right to do this, from the goverment, the FBI isn't going to step in an drag you away, the CIA isn't going to sniper you, the goverment really doesn't care what you views are (at least that is what they say). The people that ask you to leave, aren't enforcing the goverment laws on you, but "their own laws", not the goverments.

    If you refuse the leave, they may call the man (ie. police officers) and have you arrested for tresspassing and distrubing the peace, but they aren't arresting you on your views. They are arresting to protecting others (the churchs) right to freedom of speech/reglion

    If you build your own church and start up a club that preaches "GNU/Linux Rocks" you are allowed to do that, and the goverment won't do anything. You could then make up your own rules, "This is the house of GNU/Linux, thou shalt not bring in closed source software" then when someone brings in a Windows98 you can though them out onto the street and yell "Don't bring that shit in here bitch, we ain't down with that". But that would be YOU inforcing your "own laws", it won't be the goverment.

    But back to your orginal comments, when most people work at McDonalds it is because they HAVE to work there, not because they have a choice. In theorgy, they way it is supose to work, is that the person should be able to go work anywhere where they have the skill to work at. Anyone should be able to do what they want when the "grow up" (atleast that is what my parents told me (I think they may have lied)).

    The thing is, if someone doesn't want to work at McDonalds, in theogry mind you (which means it doesn't work in the real world) they could get goverment grants/finacal aid/loans/scholerships to go to trade school/college/etc to gain more knowlegde, expeirnce, education, training to get the better job. This sometimes works, this is how it is supose to work. It does take time, but if they need to be able to train for a better job and be able to pay rent at the same time, there are options.

    Just for the record, I am not knocking anyone that works at McDonalds, I used to work there. They are a respectable company and am not trying to FUD them, just using them as an example.

    Even if you do have a better job, you company will still take away your freedom. Say you work as CEO of AOL (forgot his name). If that CEO of AOL came out and said AOL sucks, and used his own money to fund an AOL sucks rally, do you think the investors/stock holders/border of members respect his "Freedom of speech"?? The goverment would respect his freedom of speech, but not his company, his company would throw him out on the street (exactly the same as if he worked any other job). I think almost all jobs would fire you for something like that.

    The only really job where you have complete freedom (under the goverment that is) would be a freelance job, or a job where you own the company. For example, before Andover/VA bought slashdot, I bet CmdrTaco could say "Slashdot sucks" and not get fired since he owned the company (unless he wanted to fire himself in some weird world). There are very few jobs that offer complete and utter freedom most of them are freelance/self run|owned companies/drug dealers/pimps. For the rest of us, we must do what the man says if we want to pay rent, even if that includes giving up personal freedoms.

    On a side note, this is extremely difficult to say after just having watched Brave Heart. I bet if I had a sword the "man" wouldn't be on my back as much.
  • It matters not that you are doing weapons research. It matters not that you are checking an email from you girlfriend/boyfriend. When DOE is involved, the courts hardly matter. There are very few people in this country who are going to give a flying fsck about your privacy as soon as someone mentions nukes.

    And, arguably, for very good reason. Not that I think that particular argument is correct, but it is a compelling argument, and many will think that. It's hard enough to make sure that security is air-tight for the areas where it's required without trying to make sure it is air-tight ONLY where it matters.

    Personally, I think that they should be checking into just about everything having to do with DOE's security. There is very little on this planet more dangerous that the nuclear arsenal of the United States of America. I'd like to keep it that way.

    Indeed. It's not that America's nuclear arsenal is so dangerous--it isn't. It's that the nukes and the knowledge to build them (especially the knowledge) would be dangerous to an unfortunate degree in the wrong hands. The world already has enough terrors. Far more than you imply, incidentally. I can think of nearly a dozen worse things than America's weapons of mass destruction. Near the top of the list would be the arsenals (nuclear, chemical, AND biological) of a range of countries. Or perhaps even worse, the possability of the emergence (either through random mutation or careful manipulation) of an air-borne retrovirus (what happens if you take a disease that is as hard to cure as AIDS, kills as fast as Ebola, and spreads like the common cold?). No, the world has enough worries without more nukes in more hands. Of course, one of those worries (and a very serious one) is infringements on free speach and privacy, such as this latest assault by the DoE. Nothing is ever easy.

  • ...and that's what probably makes it legal.

    They own the equipment, they own the network, they even "own" your time at work. You can't say that you can't do your work because it might be monitored - so what, if you're doing work it doesn't matter.

    What about personal stuff, right? Well, if you don't want it monitored... don't do it on their system. It's as simple as that.

    Of course, IANAL and your mileage may vary.
  • I'm a grad student, and I work for the DOE in the Princeton Plasma Physics Lab. We have these messages as well. I agree completely that the government or a corporation has every right to monitor the data sitting in its system, but what about things that only pass through, like the keystrokes I use on my X-term to type in my password to gain access to another network.

    It seems unreasonable to give any corporation or government agency the ability to steal the passwords to other networks. Controling mail spools and data flows is one thing, but stealing keystrokes and passwords undermines every site's security. If the government or corporation wants to restrict employee access to another network they can do that by disallowing connections. But allowing keystrokes to be recorded which in turn allows the company or the government to compromise the other network looks like cracking and entrapment to me.

  • It's legal for the employer to monitor your office computer usage.

    They can even fire you for it in some cases. There are some cases where they cannot use the information against you. When discussing job benefits, working conditions, union organizing, or something along that line. Also, if you are speaking out against discrimination. Another is if you have filed a complaint of law, and the law prohibits retalition, and then they monitor you because you filed a complaint, then that is another form of retaliation (increased scrutiny, see the EEOC guidelines [eeoc.gov]).

  • "Log onto our website at www.duhhhh.com"

    I always liked, "All you need to do to be connected to the Internet is download our free software at Click&Go.com."

    I chose "Click&Go.com" because my other favorite is, "Just click on www.youneedtotypethis.com."

  • There was an article (in the NY Times I believe) recently about an airline that got a search order issued by the court to search the HOME COMPUTERS of employees suspected of organizing a union sickout or some such thing.

    So if your employer has a good enough reason?, he can even search your home computer.

    If you want to avoid having your email searched at work or home, get several anonymous remailer accounts eg HotMail. Be sure to log out every time you use it. Use one account for mainly newsletters, the other for personal mail. If they note you have a HotMail account give them the account with the newsletters :-)

  • There is no arguement as to the "legality" of the governments position. They own the network and the equipment as has been stated... they also own the information and wrote the laws.

    No one, least of all me, likes the government or the employer looking over your shoulder... but when the government is the employer and you are using government resources time and bandwidth... its better to use the resources, time and bandwidth for the reasons you are there in the first place.

    If you bring home a dog that bites you can't complain when it bites... Your acceptance of the condition is contributory to your condition.
  • In the past, I worked for the Department of Defense for several years, both as a civil servant and a civillian contractor. Let's just say that if you think DoE is paranoid, DoD is worse. I was subjected to the same sort of warnings and disclaimers about consenting to monitoring, and consenting to allow such monitoring to be used as evidence should they investigate me for wrong doing. IANAL, but this monitoring has been in place for many years, and has been used successfully in disciplinary cases, so I have to figure that there is a legal basis for it.


    To me, knowing that "big brother" was watching didn't really bother me. I can see that they have interests to protect, and I was not doing anything unauthorized. I have since left the government scene for the corporate world, and it seems to me that the biggest difference in monitoring between the two is that at least the government makes sure you know you are being watched. I see just as much monitoring in the enterprise, only it's done much more surreptitiously. My question is, is it really an invasion of privacy for my employer to keep track of what I do on his/her computers and office equipment inside his/her office space during hours when I am on his/her payroll?
  • > It's that the nukes and the knowledge to build them (especially the knowledge)
    >would be dangerous to an unfortunate degree in the wrong hands.

    ??? The USA has internationally _earned_ itself the nickname "rogue superpower", it stockpiles (and frequently uses) weapons of mass destruction and weapons of indiscriminant destruction, it has one of the worst records of initiating force in other countries, undermining democracies, propping up dictatorships with force, and worse, and you talk of "the wrong hands"?!?!

    Presumably by "dangerious ... in the wrong hands" you actually mean "dangerous to _me_ personally", rather than "dangerous to innocent people". (I'm guessing you have US citizenship to protect you from US weaponry).

    When a US General (among many others) states that the reality of the US nuclear stockpile is that it is a miracle that an accidental launch has not _already_ occured, you might begin to see why countries object to weapons stockpiling.
    While the US can pretend to its citizens that it is somehow different from Iraq, its own actions frequently force the rest of the world to remain unconvinced.
    And I bet you'd think Iraq was "the wrong hands".
  • I think there is at least one more option short of quitting: immediately log off and tell your employer you refuse to use any computer that contains that notice. If computer use is a requirement of your work, then it becomes an interesting question of whether they can compel you to use such a system to keep your job. I knew a gov't laboratory employee who refused to take a 'random' drug test for the second time in as many weeks. It really gummed up the works, and got escalated to the head of the laboratory. If nothing else, your refusal would consume vast amounts of management time, and they might reconsider the policy.
  • "I think that we should be men first, and subjects afterward. It is not desirable to cultivate a respect for the law, so much as for the right. "

    --Henry David Thoreau

    ---
    $ su
    who are you?
    $ whoami
    whoami: no login associated with uid 1010.
  • by RedGuard ( 16401 ) on Thursday May 04, 2000 @06:32AM (#1091582)
    The Bastille hardening script adds this to
    /etc/motd. The script claims it gives you a
    better chance of intruders being prosecuted.
  • by prevost ( 28302 ) on Thursday May 04, 2000 @07:09AM (#1091583) Homepage

    Carnegie Mellon University, where I used to work, has the following disclaimer at login:

    This system is for the use of authorized users only. Unauthorized use may be monitored and recorded. In the course of such monitoring or through system maintenance, the activities of authorized users may be monitored.

    By using this system you expressly consent to such monitoring.

    I think this is for two reasons: one--to make any evidence they find against crackers more legally clear. two--to cover their asses in the case that they accidentally read someone's email (or the equivalent) doing system maintenance.

    It's important to remember that if you're in any sort of shared environment, your sysadmin can very easily read every byte in the system, follow every bit thrown out the pipe, and etc. What's important is that ethical sysadmins don't use this power for evil. :)

    No really--I'm serious. As a sysadmin, and a BBS sysop before that, I've had the power to do things like read users' email for a long time. I feel that I have an ethical responsibility akin to those a doctor or lawyer has with respect to confidentiality. I will not pry--but even if I do, I have no right to make public things that I learn. This is most important when doing routine things like backups or looking for files which are taking up too much space, or fixing mail spool files when there's a bad mail loop, or the like.

    It's hard not to learn things about people that you shouldn't know in these cases. And as a result, I don't believe in sharing information learned in such ways with anyone at any time. I'm upset when I hear stories about sysadmins stumbling across somebody's private stash of kiddie porn and turning them in. It's true that kiddie porn is pretty damned foul--but in the interest of protecting everybody's right to "sysadmin confidentiality", I still don't think such things should be mentioned. At the very least, I'd probably say "please remove these files from the system, or I'll have to take steps against a potential DoS attack by law enforcement officials."

    Anyway, my two cents. I think I'll go look up the CPSR and other like-minded groups now and see if anybody's got a sysadmin code of ethics. :)

  • by Kartoffel ( 30238 ) on Thursday May 04, 2000 @06:52AM (#1091584)
    US GOVERNMENT COMPUTER
    This is a US Government computer. This system is for the use of authorized users only. By accessing and using ths computer system you are consenting to system monitoring, including the monitoring of keystrokes. Unauthorized use of, or access to, this computer may subject you to disciplinary action and criminal prosecution

    That's what everybody gets on our office machines at the Johnson Space Center. Considering the enormous mountains of paperwork that people type up every day, I would hate to be the guy who reads the key logs. ;-) Even if all they did was store the keystroke logs somewhere, it would be an enormous amount of useless data.

  • by imac.usr ( 58845 ) on Thursday May 04, 2000 @06:26AM (#1091585) Homepage
    I'm a contractor at NIH, and you can find their suggested startupscreen here [nih.gov]. It basically says that it's a government machine, they can do what they want, and although the banner isn't legally required, it does help the government prosecute people if there's a banner in place when you log on.

    As for legality, hey, man, I just work here.

  • by jbarnett ( 127033 ) on Thursday May 04, 2000 @07:03AM (#1091586) Homepage
    The think you forget, is when you want into a workplace, you lose some of your freedoms. It is a private company and they don't force these "laws" on you, they give you are choice, "play by our laws, or leave/get fired"

    For example, we all have the moral and legal right of "Freedom of Speech", but if you take a job at McDonalds, when you are clocked in your "Freedom of Speech" goes by-by. You can not say "So what the fuck do you want on this shitty ass BigMac dicksmack" to the customer. Sure, this is prefectly legal and lawfull (in the US), but McDonalds (private company) will fire you.

    If you want to be able to say "fuck" and tell the world McDonalds BigMacs are "shitty", you will have to do it on your own time. The fact is, you are working at McDonalds on your own Free will, and they hired you on their own Free will. At any time either you, or them may terminate the employement agreement. (unless you sign a contact)

    Most companies do monitor, on our phone system they warn the customers and employees that the lines are tapped, I mean montior for employee spying, I mean employee montioring and training purposes. They aren't forcing me to work here, and they aren't montioring without my permission. If I did not agree to this, I would have to either 1) quite 2) not agree to it (which would probably lead to me getting fire)

    I think an employeer has the right to monitor, but the company HAS to notify the employees for this before hand and tell them what they can and can't do with the system (ie. no p0rn in email or hot grits in pants during business hours, expect for on fridays)
  • by cprincipe ( 100684 ) on Thursday May 04, 2000 @11:24AM (#1091587) Homepage

    Mars Lander Telemetry Control System

    login: root

    password: xxxxxxxxxxxxx

    Welcome to the Mars Lander Telemetry Control System.

    MOTD: Management has become aware of the unauthorized use of agency computing facilities for the distribution and use of illicit materials, which is in violation of the computer use policy. Anyone found in possession of or transmission of such materials will be prosecuted.

    jpl:# cd / pr0n

    jpl:# rm -rf / pr0n

    ^C

    ^X

    ^C

    ^X

    ^D

  • by bughunter ( 10093 ) <bughunterNO@SPAMearthlink.net> on Thursday May 04, 2000 @07:40AM (#1091588) Journal
    I don't think you can much about it except for quitting (or threatening to quit over pervasive monitoring).

    There's always one more option, though their effectiveness may be questionable... for example:

    In the wake of the spy scandal last year, the DOE implemented a mandatory random polygraph policy for all of their Los Alamos employees. Every one. Needless to say, the affected employees were rather annoyed, and they organized and threatened action (wish I could be more specific). Anyway, the DOE just recently backed down and decided to only require random polygraphs for employees who work with sensitive information. They did something about it.

    And also, if you have enough money to contribute to your senator's campaign, you could always go the Congressional route. It works for contractors.

    (Sorry if this appears twice, but if /. hadn't timed out, I wouldn't be pressing the submit button again.)

  • by arivanov ( 12034 ) on Thursday May 04, 2000 @07:17AM (#1091589) Homepage

    A very important note: In the US.

    But invalid in Germany. There, you cannot even perform exact recording of dialed numbers on the company PBX. The employer if recording them is obliged to erase the last n (forgot how much) digits. And recording email by the employer is absolutely out of the question.

  • by DHartung ( 13689 ) on Thursday May 04, 2000 @07:11AM (#1091590) Homepage
    This is actually a very common situation, and the legal battles took place mostly in the late eighties and early nineties. The employer pays for the equipment and resources, and they have the right to designate appropriate usage guidelines as well as monitor.

    Partly this absolves systems people like me if we happen to come across your e-mail by accident (trust me on this one: I was working on a mail server yesterday and I could see the addresses EVERYONE was sending to, including some verrrry interesting domains), but also in case they have to investigate for any reason. Let's say another employee claimed you sexually harassed them in sending e-mail (let's also assume that this is serious, not just random dirty jokes, talking about the other person's anatomy for example). The company has the right to look at the victim's computer, your computer, the server, even SEARCH THROUGH DESKS looking for floppy disks on which anything relevant may have been saved. I've seen it happen.

    As a systems administrator I have to install monitoring and blocking software. I can track every site you visit with your browser, stick it in a database and e-mail it to your manager by 8am Monday morning. He can see that Joe was surfing business-related sites, maybe too much, but within acceptable limitations; Mary was spending all day long at eBay; Dave was recklessly looking at p0rn on his lunch hour; and so on. As long as there's an upfront disclaimer, all such monitoring has been upheld by the courts. It doesn't even have to appear at login; you could have signed a blanket disclaimer when you were hired, and it was just one of a dozen sheets of paper you John-Hancocked and forgot about.

    One employer determined that a married woman had transferred to another location in order to conduct an affair with a man there. They fired both of them, not so much for the affair, but for falsifying time sheets and so on, based on e-mails where they set up hotel rendezvous during work hours. They almost fired another woman who was the first woman's confidant in this situation because she had failed to report it.

    Another employer requested printouts of all e-mail sent by an employee during his last week, as well as all outside mail sent and received by his friends in the department, in order to prevent disclosure of client trade secrets.

    Another employer found that pornography was passing through the e-mail system and before any of the employees were notified, I and another individual had to check for anything illegal. If we had found anything, we were to call in the police.

    When I worked on a help desk, I never knew whether my calls were being monitored silently by my boss. My internet usage at work then was via dial-up and this came to the attention of the telephony group, who reported it to my boss, and my boss then required me to justify time spent. (I was able to do so, it was mainly research.)

    Bottom line: when you're at work, don't ever assume you have privacy. The employer has broad rights to monitor you for not only illegal activities, but for violations of your employment agreement, for slacking, for slandering, for sexual harassment. Some of the posts here speak of your government employment as a unique situation, but it really isn't. Out in the Real World you may, in fact, have FEWER rights to privacy than in your present situation.
    ----
  • by Kaa ( 21510 ) on Thursday May 04, 2000 @06:25AM (#1091591) Homepage
    Under the current law (you don't have to like it) the employer owns everything that happens on machines and networks it owns. That means that your email, your files, and, yes, your keystrokes, belong to your employer. This has been supported by courts numerous times. If you want privacy, bring your own laptop/PDA/notepad.

    I don't think you can much about it except for quitting (or threatening to quit over pervasive monitoring).

    Kaa
  • This isn't exactly a vague situation. There might be a little lee-way if we were talking about a normal corporation, but this is DOE.

    If you don't like the new disclaimer, all you can do is quit. As far as my experience goes, when working with the government, and especially when dealing with the military branches, and even more especially working with DOE, you have no rights to anything what-so-ever.

    It matters not that you are doing weapons research. It matters not that you are checking an email from you girlfriend/boyfriend. When DOE is involved, the courts hardly matter. There are very few people in this country who are going to give a flying fsck about your privacy as soon as someone mentions nukes.

    I'm not trying to say that this is right or moral, just the way it is. The NSA (National Security Agency) has very broad powers when it comes to protecting nuclear secrets. The secrets could be anything from warhead design to the number of gallons of water in a reactor's coolant reservoir.

    Personally, I think that they should be checking into just about everything having to do with DOE's security. There is very little on this planet more dangerous that the nuclear arsenal of the United States of America. I'd like to keep it that way.

  • by scumdamn ( 82357 ) on Thursday May 04, 2000 @06:44AM (#1091593)
    Big Mac
    Large Fries
    Large Coke
    Happy Meal
    Medium Chocolate Shake
    Trinoo Attack on CNN
    McDonald Land cookies
    10 pc Chicken McNuggets

    I can see how this would come in handy.

It isn't easy being the parent of a six-year-old. However, it's a pretty small price to pay for having somebody around the house who understands computers.

Working...