Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Privacy Your Rights Online

More Companies Monitoring Worker E-mail Use 11

Posted by michael from the quis-custodiet dept.
iatrim writes "CNN has a chilling story on the increasing use of new, more stealthy computer usage monitors." I know I would never work at a job which monitored me like this, but a lot of people don't really have the choice.
This discussion has been archived. No new comments can be posted.

More Companies Monitoring Worker Email Use More

More Companies Monitoring Worker Email Use

Comments Filter:
  • Hence the reason my company makes it VERY clear that we can, may, and will monitor email. What the hell, we wrote the check for the mail server, soon we'll be doing maintenance on same, we pay for the connectivity, etc.

    The trick is this: we probably won't ever monitor mail. We'll keep it, of course, in case we ever have to defend ourselves in court. But if someone is spending so much time on the net or sending email that it becomes an issue, it would be a simple matter to dismiss/reprimand them without using the email as an excuse.

    IOW, if it is only occasional, and doesn't impinge on work performance, who cares? The only thing that concerns me with this policy (from a PHB POV) is that my company is liable for what my employees put in their email. So if someone at my company sends a sexist/racist/fooish joke to someone who takes offense, I'm on the hook.

    Assume for a minute that we cannot change the law or the interpretation of same with regards to 'creating a hostile work environment.' How does anyone propose that a company protect both their employees' privacy and the company's ass?

    I ask not to go trolling, but seriously: presumably people on /. use email/web more than the average person. So what would be a fair policy to you that takes into account both what you want, and what the company needs? (Hmm... Think I'll post this on Ask Slashdot)

  • The idea that my boss, or anyone else's boss for that matter, is reading his email, is not that nice, IMHO. Even things like PGP can not help much, since knowing even where I post mail, or who has emailed me, and when, is some information that has it's own value.

    I still do not know what I would reply to a boss that asked me, being responsible for the mail server, to monitor other people's mail (including myself) for this or that. Perhaps, explaining that moral reasons do not allow me to do something like that, will be enough. However, I suspect that there will be times that leaving the job will be my only way out of this mess.

    --
  • A growing number of employers are using computer software to secretly determine which of their employees may be wasting company time using their computers to visit inappropriate Web sites and to send unauthorized e-mail.

    My supervisor spends all day at work downloading MP3s, visiting websites, watching "Wazzup?" commercial parodies, playing FreeCell and Minesweeper (which I must say he's quite good at) and sending e-mail. In fact, he does it so much he doesn't even need to use his home computer. But he's still one of their best employees. How? He's doing phone support. His job is reactionary, and he can easily download and talk on the phone at the same time. And if there's a lull, no one cares that he's playing games, as long as he stops to answer the phone when it rings.

    The part about "unauthorized e-mail" is a little scarier. Most likely, the only way they can tell the e-mail is "unauthorized" is to read it, and I feel that's an invasion of my privacy. I don't want my sysadmin reading my e-mail for the same reason I don't want him tapping my phone.

    And, as others have pointed out, there are legtimate uses of company e-mail for personal purposes. An example: my mother's work e-mail address is her only one. If I'm coming home from school for the weekend, and I need to get in touch with her on Friday to let her know when I'll be coming in, chances are that it'll be difficult for us to get in touch via phone, between her being in meetings and me being in classes. But if we can exchange e-mail about it, then our problem is solved. And as long as answering my e-mail doesn't impair her work performance -- which I can't imagine it doing -- then where's the problem?

    In fact, this last point is probably the most important: as long as e-mail, or anything else, doesn't get in the way of one's performance at work, I don't see why anyone should complain about it. If e-mail or web surfing is getting in the way of work performance, then you handle it the same way as you handle any interference with work performance. Presumably my supervisor is competent enough to recognize when I've got such a problem, be it with e-mail or with anything else, and talk to me about it. After all, that's what supervisors are for.

    But as long as it doesn't create a problem, I think that, were I a manager, I wouldn't mind a little "inappropriate" web surfing now and then. It could only serve to improve employee morale, and god knows that's important. As an employee, I feel my company takes plenty of my time as it is. If they want my undivided attention for the entire time span during which I'm on the clock, they'd better be paying me more than they are for it, or giving me more time off so I can get all that inappropriateness out of my system.

    "We live in a world of cubicles, closed office spaces," said Roy Young of Adavi Inc., maker of Silent Watch surveillance software. "It's difficult for managers to monitor what employees are doing. . . ."

    I want to know where this guy works, that he thinks cubicles are "closed spaces". In my office (read: collection of cubicles), you can hear everything everyone else says, and every noise their computer makes. Ah, for the good old days when people who got paid less than I do were still entitled to real offices . . . .

    Young's stealthy software allows an employer to monitor dozens of computers from a single screen in real time, while recording every keystroke an employee makes, even if the data are deleted.

    Great, a commercial keystroke logger. Now k1dd13z can pay to steal passwords. That's how you know you're professional. So let's see if I have this straight: if I'm typing a Word document, and out of frustration, I type "I hate this company", then delete it, it's still saved and available for my employer to view? Gosh, when I think of all the wonderful things technology has done for me, it brings a tear to my eye.

    Rosen warns against the larger potential effect of computer surveillance. "It's not conducive to a free society or a really productive workplace that every moment of the day is conducted under the unblinking eye of the camera, the employer," he said.

    Preach on, brother. I couldn't have said it better.

  • IMHO the stuff the corps are trying to block are the seemingly endless supply of stupid joke forwards (and the like) as well as the abuse of email.

    Sure, and there's not really anything so terrible or sinister about that, but do they have to log keystrokes to do it? Because keystroke logging means they have any passwords you enter from your computer at work. And if you use the same passwords for other sites . . . it sort of snowballs into an invasion of privacy, if you ask me.

    What's really interesting is that my mom's sysadmin will not allow anyone on his network to set an e-mail or network login or password without telling him what it is. Or maybe he tells them what it'll be; I'm not sure. Either way, he has a record, somewhere, of every password in the building. If you ask me, that's not only inconsiderate and privacy-invading, it's also potentially dangerous. On the other hand, at my job, we -- and by "we" I mean all IS staff -- are encouraged to explicitly inform users that we're looking the other direction while they enter their passwords. Some users feel the need to give them to us anyway, for various reasons that make varying degrees of sense, but officially speaking, I don't know anyone's password, and I don't want to. If we tried to log users' keystrokes I'm sure we'd get fired for it. That's why it shocks me to read about companies where doing so is actually a policy.

    I still say that if someone is doing the job you're paying them to do, and doing it competently, then that's all you need to know about how they spend their work hours. When they start performing poorly, then you can start investigating why that is, but not before. Whatever the reason for their sub-standard performance is -- too much e-mail forwarding, drinking straight vodka on the job, unable to stop daydreaming about Britney Spears -- is actually relatively unimportant. The point is that they have a problem, any problem, and they need to solve it. And ideally you would just confront them about it and not have to sneak around behind their backs installing monitoring software on their computers or hidden video cameras in their cubicles or anything like that.

  • How often do you hear "this call may be monitored..." on the phone? Microsoft tech support even does this on email: they ask you to contact the drone's supervisor if you're not happy with your answer.

    Since phone wiretapping laws have been applied to email in the absence of any other governing law, I would think that the monitoring laws apply as well. You should be told when you're being monitored.

    But email is quite different from a telephone. The rules on recording conversations varies from state to state, but computer information is always recorded. Many service providers spool everything to tape, and there's no expectation of privacy. Given this tradition, maybe you don't have to notify people that you're monitoring their email or keystrokes.

  • I don't see any problem with employers monitoring their employees' Internet connection-after all, they are at work!

    What I do have a problem with is it being done secretly. If your employer is not cool with you reading the Stile Project at work, then he should damn well say so. He shouldn't just go and watch you with a snooper and then come to fire you. That just isn't playing fair.

    Regrettably, not too many people learned to play fair in business school :(

    --Perianwyr Stormcrow
  • A lot of people are complaing that "what if...". In reality, a company isn't going to come down on you for sending a few messages.

    For example, there was a link on this website (/.) that I clicked on and the proxy where I work blocked it because of gambling or pr0n or something. Now, the article didn't say that is what I might find on that site and by the URL I couldn't tell what was on it. That sort thing not only can but does happen. Now, if I kept on getting those errors a number of times a day then that would set off some bells.

    Another poster said that he emails his mother if he is coming home for the weekend. That email won't get his mom in trouble. Any rational manager would realize that email is becoming just like the telephone...an easy way to contact people.

    IMHO the stuff the corps are trying to block are the seemingly endless supply of stupid joke forwards (and the like) as well as the abuse of email. Emailing my buddies from school all day and sending out WAY more email than is normal would probably set off some bells.

    My point is, they aren't trying to stop personal emails and the _occasional_ browse of the internet during business hours. They are trying to stop the person who spends a vast majority of their time on the internet and not doing what they should be doing. And we all know at least one person who is like that.
  • Keystroking logging can be excessive, but if you are logging other things, you might as well. Extra evidence if you need it.

    People have the expectation that they can do whatever they want where ever they are. If you don't want someone to have a personal password, don't enter it at work (entering at home can be just as dangerous, but I'm focusing on the workplace). This falls under the category of "if you don't want them to know, don't tell them."

    An admin will have your network passwords no matter what you do. For the companies security they need to be able to get it. How else are you going to get on someone's machine if they leave the company (fired or what not)?

    But as Napster advocates say about downloadable music, "that is the way technology is going..." That may sound out of context, but it isn't. Monitoring technology is also growing, and if it is there, someone is going to use it. Do I agree with it? No. But I do have to live with it.
  • The other thing to remember is that sometimes employers have no choice. They're in an industry which requires supervision of employee statements (e.g., a stock broker can't promise that a stock price will rise), or they're subject to some specific enforcement action or settlement (e.g., they have a history of allowing a racially or sexually hostile "work environment" and must ensure email is free of offensive terms).

    *That* doesn't bother me because it's clear that there was two sides to the story and it was a conscious attempt to balance interests. On the other hand, the monitoring used to micromanage "productivity," or to intimidate employees from briefly using the 'net for legitimate personal business, etc., is worrisome.

    Finally, the article totally missed the point that leaves HR employees running screaming in horror at this technology. What happens if this software picks up the fact that an employee has been visiting Alcoholic Anonymous websites and may be thinking of joining? What if it picks up the fact that the employee has an undisclosed, but ADA-protected, illness?
  • The 1988 Electronic Communications Privacy Act, which has aften been ignored in these days of the DMCA, says that it is only legal to snoop on employee's email if they do not have a reasonable expectation of privacy. That means the IT departments need to make sure everyone knows that their e-mail may be read, otherwise it's not legal to snoop.

    Burris

  • Sure, the idea that my boss might be reading my e-mail is disturbing. Fortunately, the place where I work (for now) has folks in mangleme^H^H^H^H^H^H management that trust the underlings and don't really give a shit what else they do on company time, as long as the work gets done sometime before 5. And they have no room to talk about employees sending personal e-mail over the company's connection anyway. ^_^

    However...we are highly unlikely to have anyone doing anything particularly naughty over said connection. This is not the case everywhere.

    Catching up on e-mail with distant relatives, taking care of insurance and such, quick cruises through eBay...hell, even the occasional (I said occasional, mind you ^_^) addition to the pr0n folder isn't that much cause for scrutiny. But if Odd Things begin happening, unexplained internal or external attacks on the system and such, I'd want to check up and make sure it's not because the disgruntled worker on the 38th floor is putting a "h3y d00ds c0m3 h4x0r th1s s3rv3r" APB out to the seedier side of the world. I wouldn't like it, I wouldn't enjoy it, but in some cases it just might be necessary. And I can only hope the majority of businesses feel the same way.

Slashdot Top Deals

The optimum committee has no members. -- Norman Augustine

Close