CNet On Online Freedom 91
jonnythan writes: "CNet apparently had a talk with Ari Schwartz of the Center for Democracy and Technology. The result is this story, which paints a terribly frightening picture of what Your Rights Online really are. It's a very informative story nonetheless, and puts the fiascos with Real Networks et al in a somewhat different light." Covers a wide variety of online situations, and how you have little to no recourse against corporate or government snooping. Not very in-depth, but maybe it will start people thinking.
Yeah, right. (Score:1)
Bullshit. Australia is a democracy; the Liberals are in power because they represent the majority. If you think they should not do what they are doing, and are actively working to hamper them in so doing, then you are an enemy of democracy, plain and simple.
The general public needs to be made aware of how insecure the Internet really is, and how governments are seeking to gain a legal right to infringe upon their basic human rights to freedom of expression and press.
Aw, please. "The general public blah blah blah." The general public voted for these people. If they don't like what they are doing, perhaps they should just shut up and learn to accept the consequences of what they do.
Even my own high school
Ah, priceless. High school kid trying to give us all a lesson on how the world should work.
Sydney Technical High was planning student email access; a proposal to ban students using encryption to circumvent monitoring was considered. The majority of the student seemed unconcerned with this, except for a few others and myself as we saw this as a blatant attempt to impose the school's authority upon us while they were claiming legal responsibility over our moral wellbeing!
Again, why do you think your opinion is worthy enough of being imposed over that of the majority? Aren't you aware of what an anti-democratic idea that is?
However, the mere fact that the school was willing to impose such draconian measures upon its students is a sad reflection of Australia's stance towards online civil liberties.
Puh-leeze. Spare us the victim role. You are a minor. As a minor, you are simply (and correctly) not allowed the full range of liberties and rights by the state. You don't have the right to represent yourself in court, vote, or fight for your country. Others are responsible for you-- your parents and the state. Since they are responsible for you, of course they have the right to deny you encryption, so they can fulfill their responsibilities.
It is essential to democracy that young men and women are brought up to be upright citizens; placing them under the responsibility of their parents and the state is how this is done in our societies. Yet you oppose this tenet of democracy. Once more, your anti-democratic tendencies show through.
I am very afraid for the future of Australia. I say we most monitor the country very carefully.
goofing off, errands, personal emails, etc. (Score:2)
Yes, in essence, this constitutes goofing off. So what? I see these guys who will implement such policies wasting enormous amounts of time standing around in the hallways each morning, coffee mugs in hand, discussing sports and what not. So some kinds of goofing off are OK, others aren't. Sheeeeit.
Another poster pointed out that he's at work all the time and ain't got time to run errands. Yeah, and everything is open from 8-5. Most software types have to work OT constantly anyway.
I ssh to a shell acount. Yeah, I suppose they could monitor keystokes but at least my mail is not on the company servers.
We haven't really seen a backlash against this kind of crap yet but it's coming. Emboldened by the laws and judicial decisions they've purchased, companies will continue to push the limits until people get fed up.
Employer vs. employee rights (Score:1)
In short, dictatorial employer control over employer-owned resources is nothing new or even especially heinous, in my opinion. The most I'd say is that employers who monitor things like phones or Net traffic should be required to notify employees, like we do with drug testing. Anything beyond that, that limits the employer's right to control their property, lessens an employer's right of ownership. Here in the States at least, "life, liberty and property" is a big catch phrase in our scheme of government.
I don't like being watched any more than anyone else, but at the same time there are situations where my employer has rights too.
Correct Link (Score:3)
Re:National security isn't just a myth (Score:2)
Have you ever personally seen a terrorist? Anyone here at Slashdot ever met a real live terrorist? I doubt it. There just aren't that many of them. "Anti-terrorism" is just the cover story, folks. Most governments in the world (including those of nations who claim to be free countries) are very much interested in destroying their citizens' privacy. If you know every little detail about millions of people, you have a very powerful (and profitable) weapon.
Without personal privacy, the government knows every tiny law you have ever broken, down to the time you parked your car in a fire lane. Do you look like you might be a terrorist? Do you have religious beliefs that don't fall in line with the norm? Do you live a certain lifestyle that the government may take issue with? If they ever feel like ruining your life for these reasons they can just pick you up, throw you in a truck, and read to you the list of laws you have broken.
"Anti-terrorism" is used to hide the profit, too! In a world increasingly dominated by corporate interests, it should come as no surprise to anyone that the government's secrecy and security agencies sell their data to corporations. What insurance company wouldn't pay billions for a list of people who they can raise rates for? What marketing firm wouldn't pay dearly for a detailed description of every citizen with a SS number, his likes, dislikes, beliefs, eating habits and route to work?
Don't be naive. The governments couldn't care less about "terrorists". In fact, the more real terrorists are allowed to do their thing, the more the governments can justify the massive invasions of privacy that are already happening.
Unnecessarily pessimistic (Score:2)
Although all the examples given in the article are truly awful and worthy of concern, it's clear that the article uses the classic journalistic technique of sensationalism. There's no balance -- not even a suggestion of it. It paints an extreme picture of the world, leaving out all the bits that don't mesh with this extreme.
This is an important issue, but don't rely on sensationalist news to inform you of the world's woes. Most people will just get steamed up about it, and that's the idea: it makes good reading -- you get involved in it. Getting steamed up isn't actually very useful, however. Examine the problems rationally, obtain information from non-sensationalist sources, and act where you can.
Re:Public needs to stop pretending there is no iss (Score:4)
Here are some facts and cases that every American citizen should know. I was pretty horrified that this entire area was not mentioned in yesterday's discussion of Federal monitoring (alas, I didn't have time to read it or post yesterday)
1) Since 1978, US Intelligence agencies have a special court (FISA: Foreign Intelligence Surveillance Act) to turn to for domestic wiretaps. Each decision is reached in secret, with no published orders, opinions, or public record. Only one of the tens of thousands of requests was ever turned down. When Clinton signed Executive Order 12949 on February 9, the powers of the FISA court was greatly expanded: It now has legal authority to approve black-bag operations to authorize Department of Justice (DoJ) requests to conduct physical as well as electronic searches, without obtaining a warrant in open court, without notifying the subject, without providing an inventory of items seized. The targets need not be under suspicion of committing a crime. Here's what Federal Judge Robert W. Warren from Wisconsin, (senior panelist on the second tier FISA Court of Review) said about his duties...
2) going down from the Federal level, wiretap abuse on landlines and wireless by state and local authorities is extremely widespread today. These wiretaps are applied without court order, with very deliberate lies on affadavits, and every other imaginable abuse of the system. A search for "illegal wiretap" will turn up links to articles listing thousands of cases Here are a few.
3)Legal wiretaps are usually not very cost-effective.
These items are just the tip of the iceberg! Do a few Google searches, and you find case after case of officers and agencies wiretapping for personal gain and institutional chicanery, of forged or fraudulently obtained warrants, and massive illegal campaigns that don't even pursue current crimes, but where the recordings are stored (as in the LA cases) for possible future use.
It's uncomfortable to think about. I don't enjoy it myself. However, before we believe "1984 has come and gone, and we're safe", we have to ask ourselves... who says we're safe? The Government?
Re:If We Can't Do it At Work Where Can We Do It (Score:1)
Re:If We Can't Do it At Work Where Can We Do It (Score:1)
(And it can feel severe even if one is just insecure.)
Re:What about the company's privacy? (Score:2)
E-mail isn't generally time sensitive, so that isn't much of a problem. One can isolate transmissions, ensure that the computers don't have floppies, Jaz disks, writeable CD's etc.
But phones are time sensitive. If you need to deal with someone, you need to deal with them when they are present. And I don't see that things become any more secure if you make the contact over a cell phone than over a company phone.
If you treat people as untrustworthy, then they tend to want to be untrustworthy. I understand the assymetry between the inconveniences suffered and the damage that may be done. But if you intentionally restrict utility, then you had best "make it up" somehow. And somehow accountants don't seem to understand this very well, not that money is the appropriate "make it up" benefit, but even non-cash benefits have their monetary cost. And most "morale building" exercises can seem like an extra imposition to some fraction of the population. So it needs to be an "at your choice" benefit cafe. (More dictatorial choices don't increase the perception of liberty.)
Re:Public needs to stop pretending there is no iss (Score:2)
If I could crack, say, a regional water utility, and download a database with a couple of years' worth of usage records, I could call my friendly neighborhood mobster and arrange a very lucrative consulting contract.
My employer [kenan.com] sells billing systems to phone companies and is starting to break into the utility market. When I went to a presentation describing these exciting new trends in metering and billing, I asked about the privacy implications. The lecturer said that (in the USA) state public-utilities commissions were responsible for privacy-related utility regulation. This somehow did not fill me with confidence.
--
Re:The most disturbing point (Score:1)
Ethics is in the eye of the beholder (no, not that beholder
It is my personal belief that no corporate entity should be able to spy on their employees by sifting through their e-mail.
No problem here.
It violates all sorts of rights granted to us by the Bill of Rights.
But here you are wrong, sorry. To put it crudely, you do not have rights to privacy in other people's (as in, your employer) computer systems. If you want to be private, bring your own laptop. Anybody who wants to look in there -- tell them to fuck off. But what you do on not-yours computers is fair game IMHO.
Kaa
Re:You make your own privacy (Score:2)
Not to defend Windows, but what is it about UNIX that would prevent a competent sysadmin to install monitoring programs on your, say, Sun box?
I've yet to hear of a case where someone was fired for using encryption, ssh or ssl to protect their privacy.
Some places (like mine) explicitly prohibit using any kind of encryption in the work place. You sign a piece of paper stating that you know and agree to this when you are hired.
One of the reasons I've been looking very carefully at PDAs lately is that I want a personal, as in really personal, machine that I can use at work and at home and tell the employer to fuck off if he wants to know what's in there. Laptops are too big and heavy, and Palms are too drain-bamaged. Psions and the latest crop of WinCE [pulls on asbestos underwear] devices look yummy.
Kaa
Re:The most disturbing point (Score:2)
Err, no. That wasn't a contract. That was a promise and legally there is a world of difference between a promise and a contract (quick-and-dirty test: in a contract there is *exchange* of value, in a promise one side just gives and the other side just receives). Promises, generally, are not enforceable.
I suspect that the promise was made by some mid-level manager who really had no authority to make these claims...
Kaa
Re:National security isn't just a myth (Score:5)
This is, basically, an argument for a police state.
Your point is that part of the government's job is to protect its citizens from threats and that taking away individual liberties makes this job easier. The problem, of course, is that historically governments were very, very consistent is abusing the advantages they have over individuals.
Consider that forcing everybody to carry at all times an internal passport with fingerprint/retina/DNA information would make law enforcement a lot easier. Consider that forcing everybody to wear and electronic anklet/bracelet which monitors their location (a la house-arrest devices) will make it even more easier. Consider that allowing to use torture and/or psychoactive drugs on suspects will considerably increase the percentage of crimes solved. So?
The problem is finding an acceptable trade-off between personal freedom and government needs and your post seems to be quite one-sided in this regard.
Kaa
Free HTTPS alternative to HotMail (Score:1)
Check out http://www.ziplip.com
It's a completely https alternative to hotmail and other public email services. There may be others - this was the first I found.
Kungaloosh!
-Bill
Re:Down right scary (Score:1)
Public awareness that they are being watched is key. But how do we even begin the education? With the media of course. They have the public eye. Sensationalism may not be pretty, but it gets stories out and peaks interest. After all, look at how much Linux has grown since ZDTV has been running stories on "H0w t0 b3 133t w1th L1NuX" brought to you by The Screen Savers.
Re:Unnecessarily pessimistic (Score:1)
Frankly, I find the whole notion that every piece of journalism must have "balance" to be silly, as it often gives undeserved weight to the fringe and this practice can reduce the credibility of the story rather than add to it. Would you require a journalist reporting on, say, the Holocaust to find a kind SS officer to balance the story of bulldozers and piles of bodies with a commentary on the merits of the "Final Solution?" Of course the privacy issue is far less tragic than the Holocaust, however the point is the same: "balance," while it is lauded in journalism schools, is not appropriate in some stories.
Re:If We Can't Do it At Work Where Can We Do It (Score:1)
If you can't run your errands without violating policy, then your errands simply don't get run. In principle you could always (a) get a cell-phone to make your personal calls, (b) go to a public library over your lunch hour to do your web browsing, (c) take a half day of vacation every time you have to stand in line at the DMV to get your license renewed.
That being said, most places will allow limited personal use of their equipment since it just makes good business sense to do this rather than be draconian in enforcing the policies. Probably the safest thing to do is get some clarification from your supervisor on what the policies are regarding personal use of the corporation's equipment and facilities.
What about nude Natalie Portman pixs? (Score:2)
Part of that settlement could be scanning office e-mail for offensive language or content, e.g., nude pictures of Natalie Portman rolling around in grits. Encrypted mail might be construed - as part of the settlement - as a deliberate and conscious attempt to circumvent monitoring and thus trigger immediate punitive measures. YOU DON'T KNOW, AND NOBODY IS OBLIGATED TO TELL YOU.
If you really want privacy, use SSH to connect to your personal account from work. Bring in your own laptop if you have to... at most, they'll tell you that it's not permitted.
But blindly installing and using PGP or GPG might cause problems far, far beyond anything you would expect. If you're lucky, you'll be fired "for cause." If you're unlucky, you'll be named as codefendant in some criminal or multi-billion dollar lawsuit, have your face plastered across the cover of magazines as the Geek Who Cost TLA $5 Million,....
On a smaller scale [Re:Public needs to stop p...] (Score:2)
Nearly a decade ago, I made a conscious decision to not use my first name online. It's not because I like my last name that much, but because until then, I'd been drawing annoying correspondence from net.romeos. Some of it was flirting, some of it was abusive, and all of it was aimed at me because they could look at my name and know they were talking to a "gurl, huhuhuh."
So, in a way (bear with the analogy, folks), I "encrypted" my name down to my first initials.
I found out later that this was a common feminist ploy in business circles used by women who wanted to avoid discrimination and by men who wanted to show solidarity with those women. You can apply many of the same anti-encryption arguments against this practice [e.g. "Do you have something to hide? Are you ashamed of being female? Don't we have a right to know who we're dealing with?"] but it was a useful and often necessary practice at the time.
These days I've switched to using feminine handles, but I still try to avoid using my first name much. These days I want it to be just that much more trouble to track me back to RL (I have a common last name and many searches ignore initials - If I'm going to be stalked I'd rather be stalked by someone competent.)
You don't always have to have something to hide to want to keep some information private.
Only At Work (Score:1)
"the law so far has been rather clear. You have no right to privacy in your email or use of the Internet at work."
If you send e-mails on company time through the company server, they can check it. Granted, they can't read snail mail sent through their post office, but this isn't the same thing as companies spying on you and you losing your rights on-line.
Being with you, it's just one epiphany after another
Re:Public needs to stop pretending there is no iss (Score:2)
--
Re:Yeah, right. (Score:1)
Re:Yeah, right. (Score:2)
- German Jews who resisted Hitler (who was elected)
- Rosa Parks, Dr. Martin Luther King, and countless other civil rights leaders who opposed discriminatory laws passed by elected officials
- The ACLU and other free speech groups that oppose democratically passed censorship laws
You are correct in that minors have limited (not no) rights, but your conception of democracy and freedom is seriously flawed. The phrase "tyranny of the majority" comes to mind.Re:National security isn't just a myth (Score:1)
On TV, they have terrorists and they're all saying "Praise Allah! Praise Allah!" I think they're crazy. They all wear sheets and they all are Arabian. Crazy arabians. Boy, I hope I never meet an Arabian. They're all terrorists.
No, those adorible catholics in N. Ireland aren't terrorists. Nope. They're white, just like me. Catholics can't be terrorists. Only those scary Muslims, like Ghandi. So WEIRD!
"Anyone here at Slashdot ever met a real live terrorist?"
That's irrelevent, our idea of terrorists are those that are different than us, and the media doesn't help.
So, I don't disagree with you, but I don't think it's the government that wants the info about you. They can already get it, if they want.
Yeah, and PGP keys. (Score:2)
I'm fairly intelligent and I am aware of the risks that that article talks about, but damnit! It scares me..
Here's a useful tip for all of us here. When you install a friend's computer or email program, make sure that it's got PGP and they know how to use it.
Re:Not even that. (Score:1)
The most disturbing point (Score:3)
This sounds like the court determined that what was essentially a contract between an employer and employee was invalid because no reasonable person would expect a company to keep it's word on something like that. Am I alone here in assuming that there are ethical people in the business world who certainly keep secrets from each other, but don't lie to each other?
Re:Public needs to stop pretending there is no iss (Score:5)
Far too many people have a model of privacy that only assumes that the government will spy on you and that only criminals need to fear that. It is trivial to find other examples of a need for security. Consider a regular family vacation. You and your spouse have been going out of town every year to spend New Year's Eve with your parents and New Year's Day with your in-laws. Do you want a burglar to know that you aren't home? Any of the following could reveal that:
You haven't done anything wrong. You are a law-abiding citizen visiting family. Unfortunately, the two guys who are filling a truck with every valuable in your home aren't such upstanding people.
How about some privacy assistance, Slashdot? (Score:5)
This goes double for services like Hotmail and Yahoo. You can protect your password on Yahoo mail via https, but your actual mail goes back and forth in the clear. They need to do something about this too.
--
Ancient Goth: Someone who overthrew the Roman Empire.
Lunch Time. Pay Phone. The old days. (Score:2)
Re:If We Can't Do it At Work Where Can We Do It (Score:1)
HAHAHAHAHAHAAHAHA!! (Score:1)
Deja Vu (Score:1)
Dang, this subject's got me all fired up.
Secret Sauce (Score:1)
Aaargh! (Score:1)
Re:What about the company's privacy? (Score:2)
Nothing is stopping you except the fact that taking out 5 boxes of documents may very well be noticed by someone. You simple can not stop everyone, but that doesn't mean you should make it easy for everyone either. I can send out every single document on our servers in 1 day. How long would it take me to print out every document and smuggle it out of here? Years, at the very least.
A company is not a human. It has no rights to privacy.
This is the silliest thing I've ever heard. So your saying I have the right to walk into any company and look at any records they keep? I can see any research done by a company, because they don't have any privacy? Companies have the right to keep things private as much as a person does.
What about the company's privacy? (Score:3)
I work for a company that is in the pharmaceutical industry. This is a very competitive industry, and corporate espionage is not unheard of. If the company can't look at email if they feel they need to, what is to stop an employee from pulling down all the information on the server and sending it to a competitor? Who is to say that encrypted file is a letter to your mom and not the memo you just received about company policy and the data just received from another company you work with?
People survived for years without having personal email at work, and they can do it now. If it's something you don't want your employer to know about, don't send it through his sytem. The company has as much right to protect their privacy as you do.
You make your own privacy (Score:2)
Re:You make your own privacy (Score:2)
PDAs are definitely going to be a problem. Moreso if a company decides to issue them to their employees. I've yet to hear of any court cases involving them, but I'm sure it's only a matter of time.
Re:What about the company's privacy? (Score:2)
A company is not a human. It has no rights to privacy.
Re:If We Can't Do it At Work Where Can We Do It (Score:1)
It's hard to believe a reasonable employer wouldn't recognize this.
Most do. There are limits, however. Most parents spend a few minutes on the phone to check in with their kids when they come home from school -- they don't get into hour-long conversations with them. Or people will make a few quick phone calls to set up medical appointments, or confirm a reservation, or whatever. And all of these are within acceptable bounds.
There are employees, however, who push the bounds of acceptability. If you're spending long periods of time doing personal stuff, or if you're doing something on company time that could be damaging to the company, there is no reason for the company to willingly sit back and say "Sure, whatever."
Why should this be surprising? (Score:2)
If you, as an employee, don't *know* that your employer is capable of doing this, I pity you. Corporations should have clear enforcement policies, yes, and they should stick to them. And when a policy says "We won't monitor this" and they do, it's dishonest. If a monitoring policy is changed, the change should be made public. Warning employees before taking action against them would be a nice touch.
Blocking sites, monitoring user action... yes. If there's a user on my corporate network who's downloading or distributing naked pictures of fourteen-year-olds or selling internal secrets to the Kazakhs or some other such thing, I'd sure as hell like to know about it before the FBI or Barbara Walters does... and keep them from finding out.
Yes, employees should know what kind of things their employers should see. But they should also think like someone could be looking over their shoulder at any time. When you're at home, on a personal connection, it's a different story. When you're using someone else's stuff, you play by their rules.
Re:If We Can't Do it At Work Where Can We Do It (Score:1)
Most people have a more informal employmet contract that permits infrequent minor use of telephones but with highly varied privacy protections. My recent large corporate employers had very clear rules:
- telephone usage was monitored, but with privacy protections. The monitors got anonymized data. Managers got only aggregated data on total usages. The corporate rules then made it clear that if the anonymized data indicated abuse, the anonymity would be lifted and sanctions up to criminal charges might follow.
- Similar monitoring of email and web browsing with privacy protections spelled out. Plus, every login included a banner reminding users of business use only.
These companies took these contracts seriously. They did monitor. They did anonymize. They enforced privacy protections. And they responded rapidly to abuses. The legal departments enforced both sides of this contract strictly because it was their belief that the privacy protections were needed to maintain employee acceptance, the privacy protections were strictly enforced to protect against countersuits when abusers were sanctioned, and the abuse monitoring response was rapid both to avoid establishing a precedent for tolerating abuse and to catch abuse at a stage where a minor reprimand was appropriate and likely to end the abuse.
The present legal environment is still one that the business's equipment (phones, computers, supplies, etc.) are to be used only for purposes approved and authorized by the business. This does make sense. It belongs to them. They pay for it. As part of your compensation they allow limited personal use with the understanding that you sacrifice privacy.
There is one (and to my knowledge only one) exception. The law explicitly permits limited non-interference use of corporate facilities for union and labor related purposes. This includes such things as discussion of working conditions, wages, etc. There are strict limits on when and how business facilities can be used, but when within these limits there are also very strong privacy protections.
For everything else, use a cell phone (on your break time), use your own personal equipment, do it from home.
Devastating Article (Score:1)
This is a devastating article. That it could be this bad... one wonders what kind of people would exploit the lack of protective legislation like this. What kind of creep would just walk up to a woman and say congrats that you're preggers. Whether it's legal or not, we all know it's goddamn unethical and immoral. Now it seems we have to muster the ACLU and the rest again to put these Brown shirts and Blue meanies back in their place. It just never ends, does it? Do read this article. It is very good!
Jcc
If We Can't Do it At Work Where Can We Do It (Score:5)
Already in the short span of one month that I have been working I've made long distance calls to my girlfriend to confirm her flight, I've called credit agencies about a misunderstanding in my credit report, emailed friends about a software project for school we're working on, made long distance calls to pay bills for my old apartment (I relocated for this job) and more. From what I read in the C|Net article, and a few others in Fortune as well as other places, I put my job in jeopardy by performing any of the above actions. If I had a choice I would still do them again because there's no other time for me to do these things. I'm at work eight to nine hours a day, before I leave the house most offices and agencies are not yet open and by the time I get home they are closed.
My purpose in posting this is to let the people who feel that you deserve to be stung for doing personal things at work realize that there are many situations where you have no choice but to do these things from work. Of course, the alternative is to come into work late or leave work simply to browse the web, make a phonecall or shoot off an email.
PS: I considered posting this as an AC, but decided that if I actually do get nailed for these things, I'd have a suit on my hands since I'm posting this from home.
PPS: All the things I did on the phone I also did online (i.e. surfing credit agency sites, emailing my GF, etc).
Re:The artical has vanished! (nt) (Score:1)
Personally, i'm glad i live in the UK, where i can be sure my online privacy is secure. Oh...wait...
Why no electronic access to medical records? (Score:1)
When I first looked at this, I responded in the typical, "hell yeah!!" manner as my privacy was being compromised. However, there are some other questions to think about on this matter. While I haven't gone out and looked at all of the policies or read this legislation yet, I immediatly question this policy to block all electronic access to medical records. Which seems to me to be a bit of overkill and quite ludicrous.
This is a very sticky topic that could get ugly. While I don't want the obvious infractions that have happened and could happen, I would like it alot if I'm brought into an ER and that hospital would be able to access my medical records and find out if I'm allergic to a medication that they are about to inject me with. Personally, I find this to be a good thing, so I would want them to be able to access this very quickly and not have to wait a couple of days (by which time it would most likely be too late) to get the records.
I'm thinking that a combination some new policy with the old policy would be in order. If I remember correctly, as of now people need to get written permission to get into your records (non electronic), why not combine this with the new digital signature policy that is coming through, that way you can get almost instantanious access with the privacy policy still in place.
The only problem here is that it still doesn't solve the "coming into the ER" problem as they would have to get your permission first, but something tells me that they have policies in place for that right now, and they could just adapt a little bit (such as, if you are incapable of giving permission and they need the info and fast, they will assume you give permission... a little bit of privacy lost, but in my opinion, for a good cause).
PHBs and email (Score:2)
Seeing as how my boss requires my help to use Amazon, No.
Used to work. (Score:1)
Public needs to stop pretending there is no issue (Score:5)
---From "An Introduction to Cryptography" by Phil Zimmermann, the programmer of PGP himself.
This is an analogy I remind myself each time one of my friends at high school ridicules me for being a paranoid "conspiracy nut". It concerns me greatly that most of the general public of my country, Australia seems to take a laissez-faire approach to their online Internet rights. For example, Australians have already lost their right to unmonitored and uncensored (but not yet implemented) Internet usage and our intelligence agency, ASIO now has the legal right to actually crack our computers and monitor communications without a warrant all for the sake of so-called "national security".
What is just as worrying is that the general population accepts the face value of our politicians. The government in power, the conservative Liberals claim that they are acting in the best national security and moral interests of the silent majority, but to me, it would seem like they acting to silence the majority. The general public needs to be made aware of how insecure the Internet really is, and how governments are seeking to gain a legal right to infringe upon their basic human rights to freedom of expression and press. There seems to be an accepted dogma by the public here that the online world is different and that their human rights are automatically guaranteed by the nation's law instead of being restricted in reality.
Even my own high school, Sydney Technical High was planning student email access; a proposal to ban students using encryption to circumvent monitoring was considered. The majority of the student seemed unconcerned with this, except for a few others and myself as we saw this as a blatant attempt to impose the school's authority upon us while they were claiming legal responsibility over our moral wellbeing! The school told me that this email service was to be a "privilege and not a right" and thus if I was upset, I should use my own email. I was mainly concerned with those without access to encryption outside of school having their civil liberties breached. Luckily the school abandoned this scheme altogether after discovering free email services provided by services such as Hotmail. However, the mere fact that the school was willing to impose such draconian measures upon its students is a sad reflection of Australia's stance towards online civil liberties.
I am dismayed when my friends exclaim that the CIA will never read my email, because I am not important, nor have I done anything wrong or have something to hide. I wish that they could see that if they we don't start fighting for our rights online now, such as the right to uncensored access, encryption, and online self-security then a time will come when it will be too late for everyone to start voicing their opinions without fear from those seeking to impose their wills upon us.
In the land of the free ? (Score:1)
My goverment couldn't understand my bank statement even if they did figure out how to hack and get it !
In the end however the primary question is not, is the goverment spying, or does echelon exist...because the answer in both cases is an unqualified yes. Instead we should be asking ourselves how do we stop it. Because I know all too well that sooner or later I will have the same problem I am willing to do my bit towards ending this now - a sign of solidarity
Voting for somoene else won't work, not even the Libertarian Party. All politicians are by default corrupt...keep that in mind and you have a chance.
Remember instead your constitutional rights, especially the third and fith amendments - free speech, and carrrying a gun.
Which implies that if you can prove someone was interfering with your rights to say or think whatever the fuck you want - shoot him.
Re:In the land of the free ? (Score:1)
Since when is france a socialist country ?
Re:Congress sucks. (Score:1)
As many laws as those clowns in Congress make each year to protect big businesses, you'd think they'd find time to help protect the Constitution.
But it's not in their best interests to protect the Constitution, since their constituencies aren't providing them half as much cash as corporate sponsors and PACs [commoncause.org]. Katz might rail about corporatism and its effect on society, but the more concerning thing (to me, at least) is how you get popular control of government back from corporate/conglomerate interests. The problem in trying is that any candidate who doesn't pander to big money isn't gonna get the media exposure and other such rot (which costs oh-so-much) that it takes to win elections in the States.
I think you're going to find a common theme here - people with a clue are going beat themselves senseless trying to get the unwashed masses (hell, even coworkers and friends) to believe civil liberties online is as important as it is. Even r/t civiil liberties aren't a big concern among most people - just ask the average guy what he thinks of the ACLU [aclu.org], particularly when they're defending the rights of someone unpopular.
Old news. (Score:2)
She glossed over many of these issues.
Maybe one day, people will understand the issues. Most people take the attitude, "if you weren't doing anything wrong, you would not have a problem." If you don't libel a company, they won't bother you. If you are not a hacker, then they won't kick down your door.
Most people don't realize things effect them until, they are dragged off to the concentration camps.
Re:Only At Work (Score:1)
The postal service are the ONLY ones who have the power to open mail before it is delivered, and even then it takes an act of congress or something like that.
Just my 0000 0010 cents worth.
Proxies (Score:1)
It's not that I do anything wrong from work I just would rather personal information isn't disclosed.
Re:Only At Work (Score:1)
Down right scary (Score:1)
Guesstimate what? 3 - 5 years? Shit, I may as well move to France! That's another question... will it get to the point where droves of tech people realize that Europe has more stringent policies and start moving and contributing to their technology? Wouldn't that be interesting?
Nuff Respec'
DeICQLady
7D3 CPE
Re:You have more rights if you're careful (Score:1)
Re:Why should this be surprising? (Score:2)
Damn, here's the post that says the same thing that I was going to say. Rather than a "me too", I'll just elaborate on this.
As others have mentioned, what you're using is company property. You have no right, given by god or government or otherwise, to use their hardware for any personal buisness.
Now, I use work machines for my personal enjoyment every day, and I'm not likely to stop that any time soon. For instance, I'm all over slashdot at various times during the day. I also manipulate my web banking from here, and occasionally ssh into a shell of mine to work with email or to hop on irc for a few minutes. (Employers, don't get paranoid, I'm usually getting on #perl to ask a stupid question.) But these three activities are special for different reasons.
First, slashdot. I don't say anything on slashdot I want to keep private, for obvious reasons: Namely, it's a public-access system. So I don't say anything here I'm worried about anyone seeing, much less my employer.
Then, the web banking and the ssh - The web banking is an ssl connection. The ssh connection is, well, an ssh connection. Both are encrypted. Filtering software could stop me from doing either, and any decent sniffer software would know what machine it was coming from and where it was going - But they can't determine the content of those messages, so they're fairly safe.
Mind you, I'm part of the IT staff here, and I know there's no filtering, we don't have a logging proxy, et cetera. Even if I were, though, I would not hesitate to perform the actions listed above.
Also keep in mind that it's important to be sure that there's nothing like Remote Desktop, Remote Control, VNC, or PC Anywhere running on your machine. You can find out by checking in install/remove programs, checking the video drivers that have been loaded, and checking the process list. On UNIX, check your x authentication and make sure no one is running xkeys, I guess, though generally a UNIX shop is not a monitored shop, in my experience.
It's *easy* for an employer to keep tabs on what you're up to, at least in a vague kind of way. Your only escape would be to use an encrypted VPN connection, and that doesn't stop them from monitoring what you're doing on your PC. If they're really hard up they can record your keystrokes on pretty much any operating system.
Unless you absolutely know better, never assume that you're not being watched. Don't say anything from work that you're not willing for the whole world to see. Accept that this hardware and network does not belong to you, and that your employer has the right to protect their interests. Don't bitch about not having time to do this stuff any other time, and then expect your employer to understanding; You chose the path of your life with your actions and decisions, you put yourself in the position you're in. If you have errands you just have to get done, take a day off from work. That's what personal days are for.
Or hell, call in sick, employers can't read your brainwaves while you're sitting at home on the sofa.
Yet.
Re:National security isn't just a myth (Score:1)
Corporations should not have a right to spy on sh*t of a personal nature of any employee. And if they decide to do it anyway (imagine that) there should be heap big punishments handed out. But this is not the part of your article that worries me.
A truly free society has the ways and means of civil disobedience. Consider a world in which the original signers of the Declaration of Independance had not the means to meet and confer. Consider a world where persons such as Martin Luther King had not been able to communicate privately with his peers.
It is a case of killing the dog to get rid of his fleas. While there are certainly nefarious uses of the Internet being done on a regular basis, there are perfectly legitimate uses going on at the same time. And yes, I'm claiming that the planning and enactment of civil disobedience is a legitimate use. Somehow I doubt the British government from around 1776 would agree.
The internet is only one part of our communication network here in the US of A. Yet the RIGHT to privacy already established for other means of communication is not enjoyed by users of a network. What's wrong with this picture? Communication is communication and should be protected by our constitution. If we allow "them", whoever they may be, to take away that right without a fight, then we also give up the right to change the face of the world.
Spys will be spys. Make 'em work for it, don't just give it to them.
shadz
Sued over employee behavior (Score:1)
That point is a symptom of another problem in America: The rampant proliferation of law suits. The trend is that employers are getting sued because an employee did something wrong and schools are being sued because an administrator didn't know that a student was going to shoot up his school. Hany organizations are being forced to do this for their own protection.
People need to *gasp* take resposibilty for their own actions and quit blaming someone else just becuase they have deep pockets. Then, the only reason that an organization has to monitor email, etc. is to make sure that employees are doing the work that they are being paid for.
PerlStalker
It's all fun and games until someone gets hurt. Then it's just fun.
Re:You have more rights... NT IS dangerous! (Score:1)
I used to do this when I needed to give people data files and programs that they needed. It was fun watching them react to how I could so easily "invade" their privacy. Some learned a lesson, on others it was lost, sadly.
Locking the desktop prevents people from using the keyboard. It does nothing to stop file sharing.
Re:You have more rights... NT IS dangerous! (Score:1)
Only, you didn't read the whole article... (Score:1)
Company part is irrelevant... (Score:1)
Actually, the last two companies I worked for had clear policies regarding the use of computer equipment, email, etc. for personal reasons, and you had to read and sign them in order to work there. I only saw them used once...the guy they fired was spending hours surfing porn sites from his desk. If you don't like the rules, you can always go work somewhere else. It's no different from dress codes, drug testing, etc.
The scary part of this article is the information about your medical history and bill paying online...those are items which should be protected by the Fourth Ammendment. I pay my bills online, but I do so using my local bank (where I already had an account prior to online payment) so I wonder where I stand? I mean, can't I argue that it's just an extension of what I was already doing using checks, and that if the rules were going to change, they would have had to tell me that up front? Seems like a good lawyer would have a pretty good case for a lawsuit there if the bank released that information to someone...
Re:Only At Work (Score:1)
Personal use of company resources is not a technology issue.
Re:If We Can't Do it At Work Where Can We Do It (Score:1)
And it's not a privacy issue, I'm just happier that way.
FatPhil
Re:Only At Work (Score:1)
United States? America?
Oh That would be the United States of Mexico then?
Wake up and work out there's a big world out there.
Before it is delivered? It's not even been posted yet when the guys in our outgoing post room get their hands on it!
Between whom is the 'delivery unopened' contract?
Between the company that pays the prepaid postage, and the postal delivery company. I don't enter into the bargain at all.
Privacy is a personal issue... (Score:2)
A right wing teckie - that's me! (Score:1)
If you want to send personal emails from work, and you can get away with it - have fun (I'm not saying you should do it, but if you get away with it, who's stopping you,right?), but you're taking the risk of getting caught. You're using the companies computer and the companies connection to waste the time you're getting paid for.
Whatever, enough incoherant rambling from me for now.
Re:You have more rights if you're careful (Score:1)
Re:Public needs to stop pretending there is no iss (Score:1)
I am dismayed when my friends exclaim that the CIA will never read my email, because I am not important, nor have I done anything wrong or have something to hide.
This attitude extends much farther than that. Most people take a very liberal view of their privacy right up until somebody points out in drastic detail what can be done with the information.
I used to be the administrator of a network within a department at a university. On quite a few occasions, I would discover major security problems that were completely social in nature. For example, one professor insisted on a password that was a single digit.
I attempted to explain why this was a bad idea, but the answer was always "We don't care if other people read our e-mail. We have nothing to hide." Since the person in question was just a tenured professor and I was just the technical assistant, there was nothing I could do aside from voice concern. Disabling the users account was out of the question and would most likely have gotten me fired. At some point, I just gave up and took the easy route by never mentioning security to any of the users.
Eventually -- surprise!! -- we were broken into by a hacker who deleted some important files used by the department. I thought that this might be a wake-up call to the members of the department. It wasn't. Instead, they dealt with the matter so lightly that when I suggested contacting the police, my supervisor didn't seem in the least bit interested in talking to them. In fact, he told me that he didn't want me "wasting any more time" on the matter!
A fellow administrator at the university sent me a copy of university policy that was meant to explain to non-techies that people in charge of computers would need to devote at least 20% of their time to security issues. My boss wasn't in the least bit interested in looking at this policy.
Folks, this attitude towards system security is the same beast that causes people to not pay attention to their own privacy. Most people don't really care about their virtual security and privacy (which go hand-in-hand) because it never seems like real life. The same person who would call 911 if he saw a stranger following him down a street won't think twice about a stranger doing the same thing in cyberspace. Most people are much more scared about coming home to find their jewelry missing than they are about coming home to find that somebody has been through their personal files and left the jewelry in place. What they don't realize is that those personal files can be used to steal even more money through identity theft than the jewelry itself was ever worth and that cleaning up the mess caused by an identity thief who has had access to your personal data can take years.
Re:National security isn't just a myth (Score:1)
Have you ever personally seen a terrorist? Anyone here at Slashdot ever met a real live terrorist? I doubt it. There just aren't that many of them. "Anti-terrorism" is just the cover story, folks.
You should be glad that your world is so small.
Have I ever personally met a terrorist? No.
Have I personally known and worked with somebody whose life was cut short by a terrorist? Unfortunately, yes.
I can tell you this: I would be willing to accept a certain level of government monitoring if it would bring back a young life which was needlessly cut short because she was in the wrong place at the wrong time. I'm also sure that if that government had not been involved in some type of monitoring that many more people might have been murdered -- yes, murdered -- as well.
I want my privacy. I want my rights. I don't want to live in a complete anarchy. Most of us are capable of understanding that in order to live in a free society where one can jump on a bus and not worry about being blown to bits by a terrorist's bomb we need to give up certain parts -- though not all -- of our privacy. It's a trade-off. What's most important to discuss is precisely where that line is drawn.
If your world is too small to have ever experienced the grief and shock that I and many others have, consider yourself lucky.
The artical has vanished! (nt) (Score:1)
National security isn't just a myth (Score:2)
The trouble is with this situation is that it isn't as cut and dried as people might think. Sure, you've got a right to privacy, but national security isn't just something made up by government's to impose Big Brother regimes on their citizens.
Even now that the Cold War has finished there are any number of threats to people in every country that are dealt with by intelligence services all the time without people even realising it. And if these agencies cannot access information when it is required then they cannot do their jobs, and the chances of say, a terrorist bomb attack, goes up dramatically.
OTOH corporations should have no rights at all to spy on their employees in the ways that this article suggests. Unfortunately because the growth of net use in the workplace has occured so quickly the law hasn't been able to keep up with all of the various aspects of privacy and rights.
And whilst the corporations have such a pervasive influence on government, especially the case in the US, the issue is likely to be either sidelined or made even worse by pro-corporate legislation.
---
Jon E. Erikson
Spy On Your Boss! (Score:1)
The article implied that privacy was an issue of Freedom, which it isn't. You can still send e-mails out to whomever you like.
I also recall reading in the article that people didn't like it that when they went to check out a loan, the bank looked over their medical records [taoriver.net] to make sure that they didn't have a fatal cancer.
Hm. Why should that concern you?
Do you want to check out a bunch of cash from the bank, before you make your final check out from life, and now, this is going to spoil your plans? I can understand how a bank might want to know that sort of thing... (Ack! The terrible maw of accountability is upon us!)
What we really want is to not get into a "Big Brother is Watching You". We don't want our boss, or our leaders, or some police force, to be able to spy on us, and to be able to abuse their power...
There are other ways, than desperately clinging to our privacy at every turn. Time for another Brin quote:
If we could also check out our employers emails, suddenly the picture becomes a lot clearer. Email becomes a style of broadcast speech.
The key thing is, you have to make it so that whatever one person can see, everyone can see. You have to help shape laws with your opinion, and you have to make it so that whenever there is monitoring going on, that it applies equally to the monitors. We absolutely cannot afford to have unmonitored monitors.
What can you do today?
In our Seattle Weekly, the headlines read "But who will watch the cops?"
In the Weekly, a Citizen Review Board was discussed. The initiative described would require paid citizens on a board to watch over sections of the police. ...so much effort, so many laws required. Then you have to delegate what the citizens can and cannot do, what authority they have, and on and on... It's a big hassle.
All you need is cameras connected to the Internet. You can be sure that at least 10 people out there will be archiving everything that happens on those cameras; you don't even need the state to pay for the disk space. Just wire up some cameras, state clearly that they are not to be interrupted, and wha-lah; immediate accountable police force.
Read: -Brin's home page [kithrup.com], or Transparent Society [businessweek.com] for more details.
Looking for a silver lining (Score:1)
If Intel wins that one, can we shut down spammers using the same argument?
Re:The most disturbing point (Score:2)
Even if this wasn't a binding contract, it is most certainly unethical. It is my personal belief that no corporate entity should be able to spy on their employees by sifting through their e-mail. It violates all sorts of rights granted to us by the Bill of Rights [house.gov].
Furthermore, the government has passed laws regarding the Interception of Digital and Other Communications [cornell.edu]
The U.S. Code Title 47, Chapter 2, Section 33 [cornell.edu] also notes: From the decrees and judgments of the district courts in actions and suits arising under this chapter appeals shall be allowed as provided by law in other cases. Criminal actions and proceedings for a violation of the provisions of this chapter shall be commenced and prosecuted in the district court for the district within which the offense was committed, and when not committed within any judicial district, then in the district court for the district within which the offender may be found; and suits of a civil nature may be commenced in the district court for any district within which the defendant may be found and shall be served with process. I think that a closer look at this case may lead to a chance to take legal action against the employer.
Congress sucks. (Score:1)
As many laws as those clowns in Congress make each year to protect big businesses, you'd think they'd find time to help protect the Constitution.
Re:Congress sucks. (Score:1)
I would have voted for McCain in a heartbeat.
Re:If We Can't Do it At Work Where Can We Do It (Score:1)
It's hard to believe a reasonable employer wouldn't recognize this.
No Expectation of Privacy at Work (Score:1)
However, what I do have a problem with, is people being fired without warning for criticizing management as the article implies. I can understand your boss telling you that they can't allow you to do so, because it is bad for morale or whatnot, but to fire them on the spot is reprehensible. Of course, I only inferred this, so this may not actually happen.
-Phredrick Dobbs
Emperor of the Universe
Grand and High Protector of Everything
Re:You have more rights if you're careful (Score:1)
Re:You have more rights... NT IS dangerous! (Score:1)
You have more rights if you're careful (Score:2)
-Agelmar
Re:Public needs to stop pretending there is no iss (Score:1)
If you go to your user page, select "Customize Comments" and change "Max Comment Size" to 8192, this bug will almost never show up (Few comments are much longer than 4096, so having a cut-off there doesn't save you much)
Doesn't anyone fact-check anymore? (Score:3)
In her article "Check Your Freedom at the Door", Sally McGrane writes:
"Your Health Records Are Imperiled
I would suggest to Sally and her Editors that a little fact-checking is in order before publishing this scaremongering stuff, and painting a much bleaker, darker picture of the future than actually exists. Just because the ACLU says it's so, doesn't mean it is.
HIPAA, the Health Insurance Portability Act, passed in (I believe 1996) and slated to go into effect later this year once the final regs are approved, will *majorly* impact how your medical records are stored, accessed, and maintained.
Expected to cost the Health Care industry *many* times what it spent on Y2K, HIPAA mandates sweeping physical and electronic security measures, in addition to process changes, etc., to ensure your privacy, and the protection and accuracy of your medical record.
For further information, I refer you to:
hipaadvisory.com [hipaadvisory.com]
hipaalert.com [hipaalert.com]
Sites that I'm not in any way affiliated with. Working in the health care industry in information technology these days, it's something I'm very aware of, as are most doing MIS/IT in the health care world. CNET and Ms. McGrane would have done well to maybe ask at least *one* knowledgable person before publishing this "report."
One thing you're missing, however (Score:1)