One-Third Of Companies Monitoring Email 373
dotpavan writes "While studies have shown that spying on workers tends to make them less productive, that hasn't stopped approximately 1/3 of all U.S. companies from employing email monitoring tools. 43% of those companies employ staff to check outgoing emails. This seems like quite a waste. While there are some times when it makes sense to monitor emails (or it's required by law), most of the time, this seems like a complete waste of money. Not only are you upsetting workers and decreasing productivity, the benefits are pretty hard to spot. The number of "problem" emails tends to be incredibly low. If someone really wants to send out inappropriate emails, they're going to figure out some other way to do so, such as via a free webmail account somewhere. Yet, the companies are buying up expensive tools and hiring staff to watch just in case they catch the one or two problematic emails that go over the corporate network."
Automatic or manual? (Score:5, Interesting)
Re:Automatic or manual? (Score:5, Insightful)
And what about the word 'hell'. Well, coming from a Christian activism group, that's a valid word. Or chicken farmers talking about cocks. What's next? People called Richard being unable to use their abbreviated name? One Linux distro forum site censors the word "documentation" as "do***mentation".
Censorship is stupid. Automatic censorship more so.
Re:Automatic or manual? (Score:3, Funny)
Anyway, she does in fact have a colleague named Dick. He doesn't get a lot of email.
Re:Automatic or manual? (Score:5, Interesting)
cu<B></b>nt
The recipient won't see the tags at all but they'll fool most content filters.
Shouldn't take very long to hack up a macro or VB script to automatically search and replace for a list of common terms.
So who said HTML email was good for nothing?
Re:Automatic or manual? (Score:3, Funny)
heheh. Thanks for the idea. I'll write it on company time next week
Re:Automatic or manual? (Score:2)
Re:Automatic or manual? (Score:3, Funny)
I've got the dobody fluidmentation here that says it was clockwise
Followed, of course, by a half a dozen sniggering posts.
Re:Automatic or manual? (Score:2)
Don't you mean "s!@#$%^ing" posts?
Re:Automatic or manual? (Score:3, Funny)
Wait, how did documentation gain an extra letter in there?
Re:Automatic or manual? (Score:3, Funny)
Re:Automatic or manual? (Score:2)
And don't forget about Dick Cheney.
Re:Automatic or manual? (Score:5, Funny)
Why? I thought Rich was only a four letter word in communist countries...
Re:Automatic or manual? (Score:4, Funny)
The World of Warcraft forums censor the word cockroach, which is an ingame pet:
Oh man, I love my new %$#@roach... He follows me around everywhere.
Re:Automatic or manual? (Score:4, Interesting)
Re:Automatic or manual? (Score:3, Interesting)
Re:Automatic or manual? (Score:3, Insightful)
Once you decided to mess around on their network your window of opportunity of "being honest" has
Re:Automatic or manual? (Score:2)
And not forgetting.... (Score:2)
You guys think we're kidding, right?
Re:Automatic or manual? (Score:3, Informative)
so what? (Score:2, Insightful)
fire up your browser and use your gmail acc.
Re:so what? (Score:5, Interesting)
Re:so what? (Score:2)
So I guess in your organization attachments are a privilege reserved for those who understand base64(1) [freebsd.org].
how do they enforce this? (Score:2, Insightful)
Sure, they can ban well-known webmail hosts, but with just about every ISP and university having web mail, that's a very long list.
Re:how do they enforce this? (Score:2)
Re:so what? (Score:5, Insightful)
My company has restrictive policies as well. we aggressively monitor systems use, external phone calls, email and internet traffic. I can tell you they're worried about the wrong thing:
USB drives are what the babysitters should be shitting themselves over. How many companies have a huge list of staff in engineering and other sensitive areas with have local admin rights?. plug, play, cut, paste and you could see hundred sensitive documents go to your competition.
Lift a gigabyte of restricted documents no one will notice, but send an email with a rude word in it and you get counselled for "unnaceptable" conduct.
security concious? no. righteous and moral? yes. wrong focus for a business, I think.
Re:so what? (Score:2)
So, for browsers and such, I can get out just fine because I copy the location of a
But other apps can't get out directly, not even on port 80.
To test it, I set my box at home to listen for ssh on port 80, but I still could not get out of my work's configurat
Re:so what? (Score:2)
First, check if port 443 is open. In all corporate firewalls I've personally seen, it is. It usually has no proxies or anything.
If it doesn _not_ work, you can encapsulate ssh traffic in valid http, or use another trick like tunnelling it over DNS.
Re:so what? (Score:2)
Re:so what? (Score:2)
then on the command line:
netstat -n | grep "ESTAB"
That'll kick out a list of established network connections, the IP they go to, and the port they're going out on. That should help you find your proxy server's IP and port number.
Now just a second. (Score:2)
Do your personal stuff at home. If you don't like that, quit, or just wait to get fired for cause.
Re:so what? (Score:2)
A waste? (Score:5, Insightful)
Re:A waste? (Score:5, Insightful)
Their own brains being the most obvious means. Notebooks and copy machines being others.
No, this is primarily about "hostile work environment" and sexual harrassment lawsuits and such like, with a healty dose of rigid heirarchical control syndrome (formerly known as Overseers Disease, formerly known as "Asshole Boss") thrown in for good measure.
KFG
But what else can PHBsand Catberts actually do? (Score:2)
The PHBs and Catberts of the world are trying to prove they're in control because their own Bungee Bosses are leaning on them until the pHBs and Catberts are starting to making squealing noises.
They actually don't give a good goddamn about you one way or another. You could probaby smoke crack for lunch at the office and get away with paid extended leave, put on a substance abuse program and 'monitored' by the plant 'nurse' (the one who's not even allowed to give out any Aspirin for fe
Re:A waste? (Score:2)
Re:A waste? (Score:2)
1. Stash information on personal storage device, ipod, usb-key-thing, ...
2. ???
3. Profit!
The point being: if a company is looking after people leaking info, the they're not really doing that, but actually looking for the idiots that need to be weeded out. Anyone *serious* about leaking anything wou
Waste of time? (Score:2, Insightful)
Until some moron starts harassing his ex-girlfriend from his work account and you company gets sued for umpteen million dollars. Then it would've made a lot of sense!
You not lose the case, but the lawyer fees would probably make the monitoring look very attractive.
Also, haven't you worked with at least one person dumb enough to try to mail out the company's source code or mail out resumes from their work account? I know I have.
Re:Waste of time? (Score:2)
Re:Waste of time? (Score:2)
In the US, you can sue anyone for any reason.
And the deep-pockets theory of slease jurisprudence says, Cast the net as wide as possible. It doesn't matter if "innocent 3rd parties" get caught up, too.
Re:Waste of time? (Score:2)
Something like that happened at the community college where I work. Normally, you can't use any computer on the school's network unless you log in on an account. However, the library has machines you can use without logging in, and somebody sent a death threat to a teacher from one of them.
This has prompted the IT folks to push to stop allowing anonymous use of the library compu
Re:Waste of time? (Score:5, Insightful)
How is it your free speech to use your company's bandwidth and server time to send emails?
You can go home and do whatever you want on your own machine. When your working you are on the company payroll so if they don't like what you are doing you should stop.
Free speech is an important right but it has nothing to do with this discussion
The more detailed article linked in the article (Score:2, Informative)
Mea Culpa (Score:5, Interesting)
Re:Mea Culpa (Score:3, Insightful)
When dealing with customers or other company related correspondence, having multiple eyes on the correspondence makes good sense for exactly th
Telephone versus Email (Score:5, Insightful)
Re:Telephone versus Email (Score:3, Informative)
"Thank you for calling Widget inc... this call may be recorded for quality control purposes. "
The rule of thumb in America at least is you can record telephone conversations so long as either one or both parties are aware it's being recorded depending on the state that i
Re:Telephone versus Email (Score:2)
Re:Telephone versus Email (Score:2)
It's pretty simple - if the company owns it, they can use it as they see fit provided it is non-discriminatory. Common carrier rules do not apply because it is a privately-owned network. This applies to p
Re:Telephone versus Email (Score:2)
That's true if you're monitoring a conversation between extensions on the same PBX, but if you're monitoring a conversation between one of your employees and someone outside your organization's system that goes over a common carrier, it's a much different story.
Re:Telephone versus Email (Score:3, Informative)
There's a specific exception in federal law that grants explicit permission for companies to monitor the lines they provide in the course of normal business. There are a number of articles that outline the business telephone exceptions in wiretapping.
A number of states have implemented legislation which require the employer to notify the employee that the lines are for business use only and may be monitored. This is typically covered in an employment agreement under a blanket stateme
Re:Telephone versus Email (Score:2)
Its not federal, its state by state. But email is different than the phone because it involves a computer. Most human's intelligence is at least halved as soon as a computer is involved. Just an observation I've made over the years. I set up a new email server for a department that I worked for and wrote very clear and explicit instructio
There is. (Score:2)
If you're wondering, the US law [cornell.edu] in question is not a specific law, but a 1986 set of laws known as the 'Electronic Communications Protection Act'.
There are also provisions in the law, so that system administrators are still allowed to do monitoring. (2511 (2)(a)(i)):
Hmm...surprised the number isn't higher... (Score:2, Insightful)
It's company resources - you are employed by them, for them.
Re:Hmm...surprised the number isn't higher... (Score:5, Funny)
Improper usage of "there," please replace the offending word with "their."
Good day, Your Corporate Email/Post Monitor
Re:Hmm...surprised the number isn't higher... (Score:2)
false comparison (Score:2)
What's really fun... (Score:5, Informative)
Re:What's really fun... (Score:2)
Surely someone can't just call up and say 'hey, I want to see all of this person's email'.
I can guarantee that there's all kinds of sensetive information floating around on our email servers that shouldn't be given to the public.
Where do you draw the line? If email is public information, what about everything stored on file servers and in databases.. is that public too?
Re:What's really fun... (Score:2)
Productivity? (Score:2, Insightful)
Re:Productivity? (Score:2)
Re:Productivity? (Score:2)
liability issues (Score:5, Insightful)
A single email killed my startup (Score:5, Interesting)
My boss who was the engineering VP had told everyone repeatedly to be very careful about the kind of emails to send to them.
The email that killed us was a "reply all" to a thread announcing that a build of our product that was available for evaluation. An engineer hit "reply all" and then proceeded to write a highly negative diatribe about the build. The reason why he did that was he was upset that he hadn't had time to put in a fix for some particular hardware configurations. Of course, we had months of development left in the project and his fix would have been in the next build. However, he did not state this very precisely, nor did he consider his audience.
The folks who did not like our product (because they percieved it to be a threat to their political power within the company) used his email to convince the CEO of the customer company to cancel our project.
I was in an "Oh Shit" meeting the next day with our CEO and the rest of senior management. Our CEO stated that he wanted to throw the engineer who sent the email off the roof of our building (which is maybe 25 floors). Ultimately this email lead to the layoff off of 130 out of 150 employees during the middle of the resession (November 2001) and ultimately the company limped along for another year before folding. Fortunately for me, I was positioned exactly right (politically) to be able to stay, but a lot of really good people lost jobs at the worst possible time.
If that email had *not* been sent, we might have hung on long enough to ship the product. If that had happened, it would have meant that the people in the "customer" company would havee been promoted, our company would have made some money and maybe been acquired. I'd probably still be working there.
That said, I have no problem with companies monitoring email.
Re:A single email killed my startup (Score:2)
First off, an e-mail filter would not have helped. Most of these have operator types doing the monitoring. It almost certain that they would have regard this as being in the norm, since they are not in the loop.
2'nd, if this is the ONLY account that you have, why, oh why, where there multiple points of contact? There should be one POC and one engineer handling this.
Corporate culture (Score:3, Insightful)
Errr.... Yay team!???
This more or less indicates that your company had bigger problems than that e-mail. If people who want to destroy the company are in a position to do so, they will. Blaming a nasty, ugly situation on one person seems to disregard the fact that there were a number of people,
Re:Corporate culture (Score:3, Interesting)
Re:A single email killed my startup (Score:3, Insightful)
I wonder how human filtering can be effectively implemented at this level - an automated system being useless in these circumstances.
The human filter for this case would have had to know all about the company's policy regarding communications with its client, plus a good deal about the application being developed. Multiply this by N times in large companies with multiple projects and clients. Throw in cases where a client's liaisons can/need to know about problems in development...
Furthermore, there's alw
Re:A single email killed my startup (Score:3, Insightful)
If it wasn't that email, it would have been a different one or it would have been an article in Wall Street journal or a discussion of the weather or whatever.
My point is, the reason they killed the project clearly has nothing to do with the email and it is terrible for yo
Re:A single email killed my startup (Score:2)
Re:A single email killed my startup (Score:2)
My intended pont was that the only way a non-human email filter would have worked would have been by accident.
And what kind of startup can afford to have a human being look at all of its outgoing email?
Re:A single email killed my startup (Score:2)
In fact, my boss wanted to do just that and was overruled by the IT director and the COO of our company because they felt it would have been too onerous and "Nazi like".
Re:So what happened to the guy? (Score:2)
Biased much or is this just misplaced paranoia? (Score:3, Insightful)
The people who are hired to "spy" on their fellow co-workers are generally looking for those types of violations and if somewhere in the middle someone is sending out porn, or using their employment at a prestigious company for ulterior motives, or any other myriad of the violations of common (or clearly stated at the time of your hire) corporate network use and they get caught, well... the flour sifter has caught a few more flies.
Despite the fact that we all work with them or are them, from the top tiers of management and from the shareholders viewpoint those violators are not the types of employees that you want to employ or want on the payroll.
Companies tent to benefit from firing these people because they show to their employees and clients that they are there to do business and just business.
If this was about ISP or the government spying on an individuals emails, then that would be a valid case and cause to rally the troops of the revolution, but when you are using someone elses network, someone elses resources, and being paid not to...well I don't really see the cause for concern.
Lawsuit insurance... (Score:3, Interesting)
Moreover, with all the top heavy companies these days, all those managers have to find something to do with their time. You can only implement so many inane policies before the well runs dry.
Liability, and how to avoid it (Score:2, Insightful)
The solution becomes obvious; if you want to send personal e-mail from work that might violate slander laws, threaten to assassinate the president, or contains childporn, send it via your own machine. I for one make sure that during working hours, all my personal e-mail goes
Paper seriously misquoted (Score:5, Informative)
The "study" referenced does not address eletronic monitoring of employees.
The paper is about trusting employees to work from home and other "remote" locations. Evidently, Microsoft doesn't feel that employers should feel the need to physically watch over their employees - perhaps because remote office work could be beneficial to Microsoft's bottom line.
To claim that this paper is an academic study referring to the negative aspects of corporate electronic monitoring is way off base. Instead, it smells like a Microsoft whitepaper promoting Microsoft products within UK employees' homes.
Only takes once. (Score:3, Insightful)
It only takes one bad mail to kill a company. Either via leaving you liable or trade secrets, or even outright fraud.. Its not just about lost productivity of employees playing around with email instead of working. Need to change your 'its unfair' mindset. Its a business and you are being paid to work, it does not have to be fair.
Re:Only takes once. (Score:2)
Privacy? (Score:3, Interesting)
You are AT work on the COMPANY OWNED premises, using computers owned BY THE COMPANY, being paid to ONLY produce. ( unless you have a job that pays you to not do anything.. )
If you want privacy, go home where you have that right. But dont expect it at the office, as you DONT have that right. Pretty simple.
Using webmail from work (Score:2)
But if you use a webmail, it's not coming from the company e-mail is it? So for the most part it's someone else's problem. It's one thing for Joe at Widget Inc to send off an e-mail from the Widget.com.... as any e-mail represents the company. I.e. if Joe says, "It's lunch time h'm going to download porn and masturbate at my desk" this would reflect
Re:Using webmail from work (Score:2)
The tech department thought it was amusing though and took care of it, but damn did my manager give me some strange looks after that.
simple solution (Score:2, Informative)
this also assumes that you have shell access somewhere. but don't we all?
of course they could go ape shit and block port 25 on you.
It's a Necessary Evil (Score:2, Insightful)
In addition, as someone earlier pointed out in an earlier post, the company may also be shielding itself from litigation if one staff member is creat
Outside influences (Score:2)
And while you may say 'just don't do business with them', that's pretty impossible. They are the two biggest on the planet in their field. To the tune of pumping us tens of millions $$ per year.
Moral priorities (Score:2, Insightful)
Re:Moral priorities (Score:2)
Although my wife has another year before she finishes the MBA program, so maybe they teach this in the final year.
Another argument for a union... (Score:5, Interesting)
Whenever unions are brought up on Slashdot, they're usually in the context of low wages or long hours.
But here's another prime example of where some kind of union could prevent this kind of invasion of privacy (and waste of money). But without any kind of organization that can negotiate on the behalf of the employees, most workers just have to take it.
Now before the Libertarians get their briefs in a bunch, no, a corporation has no legal responsibility to respect the freedom of speech of it's employees. Yes, employees are free to find another job. But sometimes those excuses just aren't good enough.
Re:Another argument for a union... (Score:2)
Re:Another argument for a union... (Score:2)
Right up until you forward that memo about selling equipment to yourself at a substantial markup to make your quarterly report look like you're doing a lot of business and getting a lot of money flowing through your company to the FBI and the SEC and you get fired and the memo gets disappeared. "Of course this person is making it up, they were just fired and are trying for revenge!"
Huh? (Score:2)
It's not that cut and dry (Score:4, Insightful)
I've worked for companies under investigation by the SEC for inappropriate behavior. Sometimes "one or two" emails is all it takes to break the law and cause a company's stock to plummet.
My current company 'buys up expensive tools' and 'hires extra staff' to run backups on the network, just in case one or two problematic hard drive failures occur. Why is it ok to monitor company hardware but not ok to monitor company communications?
Some monitoring is almost a necessity (Score:2, Interesting)
corporate secrets (Score:5, Interesting)
So someone with access to it is about to sell it. Naturally all the email filters are in place and she was smart enough not to try that. So she figured she would just print it out and walk out with it. She got caught, however, when she called the IT department because the print server crashed. Apparently, sending a 10,000 page document to a print server doesn't quite work as well as one might hope.
TFA (Score:5, Informative)
Why not link to the source [chicagotribune.com] for your source (login [bugmenot.com])? The ITFacts.biz story got it wrong anyway: "33% of US companies monitor employees' e-mail" is wrong--the direct quote was "Almost 33 percent of 140 North American businesses..." You and ITFacts were off wrt the number and the sample. Oh, and the Tribune article was merely a syndicated column, using data from a nearly year-old study [bizjournals.com]. Not exactly news. Where did I find that out? Look, it's ITFacts.biz! [itfacts.biz] Yep, TFA was a double post.
Let's continue because we are not done fixing your post:
43% of those companies employ staff to check outgoing emails.
Wrong. It's "more than 43%" of companies with over 20,000 employees (not 43% of monitoring companies), according to the study. The one-third figure expands the sample to include all companies.
It is also worth noting that the study in question was sponsored by ProofPoint, which in fact sells monitoring software [proofpoint.com]. So you could say that Forrester had a financial interest in high-balling the figure (which it appears they did, with all this "almost 33%" business).
Late to the party, but here is my two cents anyway (Score:2, Interesting)
1) Liability. If something is sent by company equipment, by a company employee, it becomes the companys responsibility. At my current employer, we had a customer service rep go rogue and send a nasty, racist email to a customer via yahoo mail, using our equipment. We narrowly escaped a lawsuit by doing some serious sucking up. thankfully, we kept logs of all web based activity and were able to prove who it was and
Re:Late to the party, but here is my two cents any (Score:2)
Let me guess: This time figure is based on the implicit assumption that zapping off the latest joke takes exactly the same amount of time as drafting and sending a preliminary report.
NZ Police (email) porn scandal! (Score:2, Insightful)
Streaming video of news: http://www.xtra.co.nz/streaming/0,,10550-4309851-3 00,00.html [xtra.co.nz]
txt: http://xtramsn.co.nz/news/0,,11981-4311659,00.html [xtramsn.co.nz]
"A police audit has found that about 20 percent of email capacity was taken up with pornographic images, and 300 officers are under investigation for having pornography on work computers. "
now, perhaps monitoring software could ha
It should be like phone use (Score:4, Insightful)
In a nutshell, he said people should think of using a company PC the way they already think about using a company office phone.
Nobody minds an occasional call( now email ) to take care of a small personal issue, but people do care if they spend if you spend all day on the phone ( email ).
By the same token, people in most jobs do not expect their office line to be tapped and the contents monitored.
Re:deserve what they get (Score:2)
Hmm, a slight increase in overheads vs exposure to lawsuits and loss of business information to competitors.
We had a case where a guy was posting future model information to a web based forum, from his work supplied email account on his work supplied PC in company time.
Do you think that was acceptable?