Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Your Rights Online

Bill Bans Secret Workplace Snooping 18

jyuter writes "According to this ZDNET article, congress is considering a bill which requires companies to disclose their practices regarding reading employees' e-mails. What puzzles me is this quote from Charles Schumer D-NY, "We would never stand for it if an employer steamed open an employee's mail, read it and put it back. It is the same thing with an employee's e-mail." So it's ok then for employers to steam open employees's mail and give it back to them, provided they tell the employees of this policy beforehand." This would be a very modest proposal indeed - one tiny step for privacy, one giant leap for, well, nothing. Maybe I should be less cynical. Nah.
This discussion has been archived. No new comments can be posted.

Bill Bans Secret Workplace Snooping

Comments Filter:
  • 1st post, i tihnk

    and on a more serious note, i find it horrendous that, rather than keeping companies out of an employees email, you now just have to tell them that you read it. Admittedly, this is better than it used to be, but still...

    I suppose a few companies are going to be like "We're allowed to read email! Whaoo!" and then all hell is gonna break loose. :(

    grr.. i'm considering moving offshore these days.
  • I think it's OK for employers to read incomming/outgoing email. gasp

    First off, they are providing the service to aid their business -- not for your own personal pleasure. If you are conducting business as usual...then what do you have to hide? Internally, a company should not be so paranoid as to keep things from itself.

    Second, if you are giving away trade-secrets or perhaps mailing your resume to competitors, I think they have every right to know about it.

    So what's the different between reading email and scanning proxy logs? Or even drug testing or checking your bag/suitcase at the door?

    Don't think flame...think company protection
    --

  • by goldmeer ( 65554 ) on Friday July 21, 2000 @05:38AM (#915683)
    I'm getting tired of everyone assuming incorrectly that they have an expectation of privacy regarding regular email.

    As I explain it to anyone that will listen:

    If you send a postcard in the regular mail, anyone that touches the card can easily read the message that you have written. You have no expectation of privacy.

    If you send a letter sealed in an envelope, then those that handle the letter cannot easily read the message written on the paper within. You have a reasonable expectation of privacy that came from sealing the envelope.

    Email is a postcard, not a letter. There is nothing on the standard mail message that is sealing it from the eyes of anyone that touches the mail message. The text and any attachments are in the clear for anyone that has access and cares to look to read your message.

    The answer is encryption.
    Once you encrypt a message, you are sealing the envelope. You then have an expectation of privacy, the better the encryption, the better the expectation of privacy.

    You see, companies reading mail is not at all like steaming open letters, because unencrypted mail is not like a letter. Companies reading email is much more like reading the postcards that you get in interoffice mail.

    What's that, you say, you don't send postcards in the interoffice mail? Sure you do, every time you click SEND in your email program.

    Joe Goldmeer

  • I guess they can listen in when you call the doctor, or the Workman's compensation claim division, or any number of things.

    Yeah...there's a good idea: make your workman's comp claim on company time using company resources.

    You want to call the doctor or dentist or union -- then do it on your own time if you don't want your company to potentially be listening in on your phone call!
    --

  • After the recent NW Airlines fiasco (where a union activitist's *personal* computer was seized and searched), I have to ask...

    We are talking about employee's on-site, business provided email accounts, right? This isn't a backdoor that allows companies to demand access to an employee's personal accounts, right?!

    The CNet article suggests that, but knowing how many truly braindead laws Congress has passed recently (electronic signatures, anyone?), the question needs to be asked.

    For the record, I have publicly defended monitored e-mail on several occasions - and supported harsh actions against employees who insist on encrypting their personal email - because of those damn harassment suits. But that is a problem that applies to all of society.
  • Do you think everything out this thoroughly? They provide a phone on the desk too. Does that mean that you can only use it for company business and that they have the right to record all of your phone conversations? I guess they can listen in when you call the doctor, or the Workman's compensation claim division, or any number of things.

    The difference between phone and email is that the phone service does not require local administration that may require some messages' privacy to be breached. So people are morons if they think that their email is NOT going to be read by someone and say something stupid.

    But saying that it is OK for them to read anything/everything is ridiculous.

    Curious George

  • The excuse is that they want to stop people from sending and receiving stuff like contracts and equipment with out it going though legal or inventory. Knowing how most sales people are they will do anything to get around people and departments. They will try to send you an contracts for this or that and if an employee signs it you are stuck as a company being liable for something you may not want. Also trying to track expensive equipment that never got inventoried. The Difference is I can tell if some one has ripped open my mail and box of equipment. I don't really like it but I understand. I figure it gives me some protection form mail bombs ;-). Email if they don't tell you will never know.
  • While you are correct that companies have a right to make sure that propietary information is not being circulated. You are confused when putting this in relation to drug test and bag searches is that they have to tell you they are going to do it. I have worked in places where there are signs posted regarding bag searches. If they are going to performa search of a computer then they should make that policy clear as well. My former employer, the worlds biggest mouse, went after a number of people I worled with by searching their computers without warning or cause and used trumped up info to terminate them. At least with this bill people can't claim they weren't warned.
  • So it's ok then for employers to steam open employees's mail and give it back to them, provided they tell the employees of this policy beforehand.
    You have a problem with this? If you want to send me private mail, send it to my home address.
  • by Anonymous Coward
    I am becoming increasingly frustrated with those that believe they have any right to computer related privacy in the work place. While the computer you use at home and at work may be similar there is a major fundamental difference. Your work computer is a business tool just as is the desk it's on top of and the chair you sit in. It's not there for your enjoyment and its not their for personal use. The computers and networks are there so that the business can function and based on that, not only do I believe they have the right, but any business that does not keep an eye on their networks is in danger of paying for non productive employees. I am a net admin for a small company. In my 2nd week of employment I began looking at logs and emails and it was through looking at the emails that I discovered that 1 individual (along with a few others) in particular was spending at least 2 hours a day on the net hitting all kinds of sites, porn included. This was a highly paid individual...you do the math. How much was the company paying this guy to surf and send porn using company email ? Plain and simple the computers and networks you use at work are business tools and should be used for business related purposes and SHOULD be monitored to ensure such use.
  • Do you think everything out this thoroughly? They provide a phone on the desk too. Does that mean that you can only use it for company business and that they have the right to record all of your phone conversations? I guess they can listen in when you call the doctor, or the Workman's compensation claim division, or any number of things.

    Actually, if a company has a policy of "no personal calls", they can monitor conversations based on suspicion of violations of policy. You'd be surprised!

    Besides, it is not unreasonable for a company to say up front that an personal phone calls, e-mails, etc. should not be taken care of using company resources (including company time), and that as a condition of employment you accept that they will check up on you if they suspect this activity.

    You want personal e-mail? Get your own account!

    --

  • The better analogy would be this:

    You send an email and your company's admin snoops it via logs or whatever is roughly equivalent to the following scenario:

    You put a postcard in the mail. It goes to the post office, where it gets photocopied and archived. Then it is forwarded on to it's proper destination. Sometime in the future, the post office can look at the photocopy, supply it to courts, your ex-wife, or your dog.

    If that sort of thing were happening to postcards, people would have a fit. Just keep in mind, while email may be easily readable like a postcard, it is much more easily archived than a postcard. And it's archived very frequently. Furthermore, it is easy to compile data on who is sending what, and to whom.

    Yes encryption is one solution. But I still believe that the laws should require equal treatment of email versus snail mail, at least for personal email. Businesses should at the very least require employees to waive their email privacy before snooping on them. I don't really have a problem with that, since sending email from work is associating yourself with the company. They should get to control what leaves their servers, or at the very least, email heading to external addresses.

    Best regards,

    SEAL

  • Question: Was rummaging through everyone's email part of your job description? Had you been instructed to do it? Or did you simply take it upon yourself to be the company snitch?

    As a network administrator, you have access to all sorts of sensitive personal information. And we're not just talking emails here, we're talking (potentially) salaries, SSN, etc. Just because you have access does that mean you are entitled to check it, just to satisfy your own curiosity?

    I would hope the answer is "no." The janitor isn't allowed to go through your papers looking for incriminating evidence; similarly the sysadmin should not invade privacy without being told to do so.

    The question of whether or not management has the right to go through your email is more complex. First of all, being spied on without your knowledge is offensive (if you find out, that is.) However, I feel that as long as a company makes CLEAR that they have the right to invade your privacy at their discretion, you are less likely to do something incriminating. For example, you wouldn't go to a BDSM or other potentially embarrassing site if you knew that you were being monitored; and the threat of monitoring can be more potent than the actual act (though threats must be backed up with action.)

    But what gets people really mad is when they DON'T know they're being watched, and then their boss comes up to them demanding an explanation for all the porn they've been downloading. Not a situation I'd like to be faced with, how about you? Ignorance of the law is no excuse, true, but I think it is in everyone's best interests if people know beforehand they are being watched.

    Final point. People have been goofing off ever since they invented work, and the internet is just the latest way, albeit a very efficient one. If someone listens to the radio or doodles on a sketchpad, goes to an internet site or writes an email, it's all the same thing. It's just that an email or choice of website (eg, porn) can reveal far more personal information about someone than their choice of radio station or what they draw, particularly if they think no one will know what they've written or what sites they've visited.

  • by sandler ( 9145 ) on Friday July 21, 2000 @08:08AM (#915694) Homepage
    I think this is an excellent bill, as people should at least be aware of what's happening. I'd much rather have an exposed camera in an elevator than a hidden one.

    But, keep in mind that this only means that they have to tell you what they can or may do. It doesn't mean that every time they read one of your emails, they have to tell you that they did so. My company was straightforward in saying that they can and do read emails, web logs, etc. But I think most people operate as if they probably won't read everything.

    I think this is a step in the right direction, but I bet even after being notified of the company policy, an employee would still be shocked/upset if an HR rep dragged out an email and grilled him on it.

  • In my 2nd week of employment I began looking at logs and emails and it was through looking at the emails that I discovered that 1 individual (along with a few others) in particular was spending at least 2 hours a day on the net hitting all kinds of sites, porn included.

    What the fsck were you doing looking through people's emails? Being a network administrator is not a license to indulge one's voyeuristic tendencies. Just because you have the technical means to do something doesn't mean that it is moral or legal.

  • Many companies insist that encryption is not used on email, without management approval, and threaten removal of email if policy is ignored.

    Well, you don't have to work at that type of company, do you?

    Also, if you have internet access to web based mail accounts, you can then bypass their mail server completely, can't you?

    -Joe

  • I believe it should be possible, but only in certain cases, when an employee neglects his job etc.

    I know of a (family) company that has become bigger but where the boss reads every email that goes in and out. Employees know it and therefor are very sensitive about what they mail. Email is hardly used, and external consultants they work with are also asked to be very careful in what they email, certainly if it's about things that don't go too well :-)
    The result is that the employees aren't really 'shiny happy people' and modern technology isn't used as it could..

    I'm very lucky as the company I work for does not monitor anything at all, doesn't restrict internet access, etc. We were talking about upgrading our bandwith recently and an isp's salesmen said the company could restrict the usage (eg downloading mp3's or other non-work related material) and our boss said he didn't want to do anything like this at all :-) Someone has been fired because he was downloading x-rated images for weeks though, but this happened because he neglected his job and other people had to do more work, project was going late, .. So as long as my job gets done I can read /. all day :-)

  • Do you think everything out this thoroughly? They provide a phone on the desk too. Does that mean that you can only use it for company business and that they have the right to record all of your phone conversations? I guess they can listen in when you call the doctor, or the Workman's compensation claim division, or any number of things.

    Generally, yes. And this has been litigated to death.

    Employers can monitor phone calls, go through your notebooks, and rifle through your desk drawers. Whether they can check your personal briefcase or examine your locker depends on a variety of factors.

    Mail coming into a workplace also has a reduced expectation of privacy. One facility at which I worked opened and screened every bit of incoming mail, and outgoing mail with company stamps had to be left unsealed. There was an attempt to litigate that issue, but the court found for the company, at least partly on the strength of pre-employment notice. Not agreement, notice.

    Worker's Comp cases are an interesting problem, since the claim is a workplace injury, and the employer generally can get some access to the medical information anyway. Union conversations (many of which are not only permitted, but required, to occur on company time,) are a likely exception: If the monitoring manager realizes they are listening in on an activity governed by a Collective Bargaining Agreement (CBA), the CBA often requires that they terminate the monitoring and forget everything they heard. My father is a shop steward, and regularly gets calls about grievances. As a result his calls are almost never monitored, since it would be too annoying to sort out which were covered by the CBA.

    tc>

The explanation requiring the fewest assumptions is the most likely to be correct. -- William of Occam

Working...