Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Communications Your Rights Online

63% Of Corporations Plan To Read Outbound Email 565

John writes "Aviran's place reports that a recent survey of 332 technology decision-makers at large U.S. companies reveals that more than 63% of corporations with 1,000 or more employees either employ or plan to hire workers to read outbound email, due to growing concern over sensitive information leaving the enterprise through email."
This discussion has been archived. No new comments can be posted.

63% Of Corporations Plan To Read Outbound Email

Comments Filter:
  • by rd4tech ( 711615 ) * on Tuesday June 07, 2005 @09:24PM (#12754134)
    The funny thing is... well, not so much funny as it is disturbing, signing an employment contract.

    Remember that signature on that thick paper you've signed prior getting that high paid tech job? The one saying that everything you think of during working hours is theirs? The one that maybe is saying (in some cases) that everything you think on and off during working hours, while employed or 3 years after also belongs to them?

    Well, it seems to me, and I might be way off here, that thinking up an email by an employee is in fact his company's property and hence, they have all the rights to read it, and it doesn't breaks anyone's right to privacy.

    Can anyone with legal experience enlighten me on this one? Do the bastards have the right to do so, provided that one doesn't sign a document that explicitly states "you can read my email" but instead contains a fine version of "all your bases, off lunch hours, belongs to us?
    • Well, it seems to me, and I might be way off here, that thinking up an email by an employee is in fact his company's property and hence, they have all the rights to read it, and it doesn't breaks anyone's right to privacy.

      Email is considered company property, but people have gotten a little miffed because work and home tend to mix some. (No worries. It's natural as long as you keep it under control and under wraps.)

      The part that amazes me these days is that people bother to send personal email through their work address when perfectly good webmail clients exist (*cough*gmail*cough*). Yes, your employer can probably see that you're surfing Gmail/Hotmail/Yahoo/Home *nix Server. However, your email is not likely to be captured by their system, and remains private.

      So, why do people still use work for private mail?
      • Probably because nowadays, more than ever, work life and home life tend to overlap, and so do your business and personal contacts. It's simply easier (maybe not smarter) to just maintain one main email account and since you have to use the work email for work contacts, it's simpler to use that account as your crossover account. Also, most people have nothing to hide from their employers, and others simply take the warning that their email will be read as an idle threat.
      • A lot of employers block access to gmail, hotmail, msn messenger etc. which leaves people with only one option, company mail.

        Also, when you say email is company property, I understand the technical principle that the bits and bytes are on the company owned servers but it's still a form of communication and people should have the right to a little privacy. When I talk on the company phone (or even company paid cell for that matter), I do not expect someone to be listening to my every conversation. This is
        • Also, when you say email is company property, I understand the technical principle that the bits and bytes are on the company owned servers but it's still a form of communication and people should have the right to a little privacy.

          A company may record all emails for legal reasons. They may be compelled to turn them over to a court or some regulatory agency. The use of personal email could be viewed by a hostile plantiff, court, or agency as circumvention of data retention in order to hide misconduct or
      • "However, your email is not likely to be captured by their system, and remains private."

        While Yahoo does support optional SSL, and I have no experience with Hotmail, I have never seen an SSL 'padlock' icon on Gmail. So the messages you read and send on Gmail appear to be transmitted in plaintext, and would thus be easy for the sysadmin to read.
      • " However, your email is not likely to be captured by their system, and remains private."

        At that point, does it matter to the parent corp as much? One of the dangerous things about having a corporate email address is that it ties you to that corp. Imagine the difference between recieving 'leaked' specs of Nintendo's next system from a Hotmail address. Then imagine that same email from Nintendo.com. The problem isn't just privacy, it's that with that address you are a voice for the company.

        My company
      • by xQx ( 5744 ) on Wednesday June 08, 2005 @04:01AM (#12755782)
        Being the sysadmin at a small company, I am the person who actually ends up reading people's email; and being a small company, the person who has to face the person who's email I just read.

        The arguement is simple and well covered, the company owns the computer, your email, and anything you do on company time.

        The only grey areas are 'does the company have the right to go through email you deleted', and 'does the company own something you did using company resources in your own time.'

        I mix personal email with company email; as do many others...

        I say openly to other employees "Yes, I can read your email. Yes, it's not private. Yes, we own it. BUT, The company and I don't care what you and your friends talk about and what you do on the weekend." If you're not trading secrets, resumes or bagging the company, even if we do read your email, we don't CARE.

        If you're worried about privacy in a 1000+ employee company, remember this:

        You're just not that important. :)
    • And what if I type my email without thinking? You know, like I do for slashdot my comments.

    • by Anonymous Coward
      IANAA, however I've been negotiating my own employment contracts for years. I carve out broad exceptions for any work I do offsite, without their equipment, and not under their direct orders. I also include a phrase exempting any pre-existing intellectual property. I also usually strike any anti-whistleblower clauses. So far, none of these changes have ever stopped my employment.

      As I recall, the right to privacy applies only when and where one has a reasonable expectation of privacy. If you're in your empl
      • hmm... your post is good

        Can you give me more information on the "pre-existing intellectual property".

        I'll be very interested to hear how you are handling that one.
      • by MooseByte ( 751829 ) on Tuesday June 07, 2005 @11:22PM (#12754850)

        "you've no more expectation of privacy than you do on a CB channel."

        Might as well go all PsyOps on their corporate asses then.

        Have some outside dummy accounts you can send email to. Send messages full of glowing comments re: boss & company, and others that refer to a mysterious dark conspiracy that haunts your past. Something involving genetic experimentation, a mad European scientist, and a mysterious Brazilian clinic.

        Then the week before you quit, start sending mysterious messages encoded in pig-Latin.

        "The owls-nay are not as they eem-say."

    • Can anyone with legal experience enlighten me on this one? Do the bastards have the right to do so, provided that one doesn't sign a document that explicitly states "you can read my email" but instead contains a fine version of "all your bases, off lunch hours, belongs to us?

      IANA Lawyer... but I'm not sure you could afford one to solve this kind of issue for you. It seems to me that question here should not be "what is their legal rights" so much as "what are my technical capabilites". Assuming you have in

    • I think I may be playing Devil's advocate here, but I don't really have a problem with the companies reading their employee's email. Your work email address is for just that - work. These emails are written on company time and they are on the company network. I'm sure there is an AUP for the company network; they aren't hiding the fact that they can read your emails. In short, don't waste time with personal emails at work and don't send out company secrets through email. Isn't that unethical anyway? K
    • by Horrortaxi ( 803536 ) on Tuesday June 07, 2005 @11:46PM (#12754948)
      Can anyone with legal experience enlighten me on this one? Do the bastards have the right to do so, provided that one doesn't sign a document that explicitly states "you can read my email" but instead contains a fine version of "all your bases, off lunch hours, belongs to us?

      I've never gotten the "sign here to allow the company to read your email" letter before, but over and over I've gotten the one that says "I understand that there is absolutely no guarantee of privacy when using company computers/networks. Company computers/networks are to be used only for company business. Personal use of company computers/networks is grounds for dismissal." I don't work for a Fortune 500 company, I work for a school district. What kind of trade secrets am I going to leak? 2+2=4? No Child Left Behind is a bad idea? But as anti-big brother as I am I think this is perfectly reasonable. While you're at work they own your ass--and they own the computer and they own the network. They have the right to do whatever they want with their property.

      I was actually a juror on a wrongful termination case about a year ago. The plaintiff said she was fired because she was pregnant, but the defense was ready with all her personal emails she sent from work. Hundreds of them! Racist jokes, bullying/humiliation of coworkers, invitations to happy hour, bids sent to competing vendors (oops!), booking vacations, getting mortgage rate quotes, etc. Then they whipped out the "I understand that my email is not private at work and I can't use it for personal business and if I do I can be fired" document signed by the plaintiff and it was all over. This small company had actually fired a few people for email abuse already.

      They pay you to work. If you send out the occasional personal email they probably won't give you static about it. But if you send so much personal email that they wonder when you have time to work there will be problems. There really shouldn't be any outrage about it.
    • "Remember that signature on that thick paper you've signed prior getting that high paid tech job?"

      Yep. I also recall that you can't waive your rights in a contract. Sadly, privacy isn't an actual right in the US. :-(

      Unless your company blocks outgoing ports, you can always just run your own mail server at home, and communicate with it via SMTP/TLS. I do this and I also don't use my ISP's relays except for those few destinations that refuse to talk to a "residential" mail server. That way, any destination
  • Next up... (Score:2, Funny)

    by bburton ( 778244 ) *
    And it's all going to be done through a goverment agency call the Thought Police.

    Next, Telescreens and microphones in every home!
  • But..... (Score:5, Funny)

    by ian rogers ( 760349 ) on Tuesday June 07, 2005 @09:27PM (#12754149)
    Who do they hire to read the outgoing emails of the people they hired to read outgoing emails?
  • Go ahead, then explain to the shareholders how much of their money you wasted on nothing.

    Seems like just another trick so management can fire people and bring in their own cabinet (brother/friend/etc.)
    • Except they still don't get to fire you for no reason. This just gives them another avenue where they can find reasons for this. Just don't send out secrets via email and you won't be fired. (You still have no privacy but you didn't really seem to care about that aspect).
      • What world do you live in? I can fire you for ANY reason. I dont need to give you anything, all I need to say is get out? I suppose your mileage may vary, but I think the average US State use an "employment at will" guidline, which means I can fire you for anything I want, except some obvious (race, sex, age, etc). I could probably even fire you for those if I dont tell you.
    • Re:Go Ahead (Score:5, Insightful)

      by rd4tech ( 711615 ) * on Tuesday June 07, 2005 @09:33PM (#12754194)
      Nope, you are getting it all wrong, imagine the following: "And by this, my dear shareholders, our development team will know that their email is read, thus, reducing the time they spend on writing non-work related emails to minimum... and..." :) Management 101 = "everything is magic"
    • Re:Go Ahead (Score:3, Insightful)

      by davmoo ( 63521 )
      I'll explain to my shareholders why I wasted $50 or so thousand a year paying an employee or two to check email.

      And while I'm doing that, you can explain to your shareholders why the company lost millions of dollars on a new product because someone inside the company sent company secrets to a competitor.

      Or you can explain to the shareholders why the company is now paying a multimillion dollar settlement for sexual harrassment via an employee's email.

      Paying someone to read email is vastly cheaper than the
  • by tacocat ( 527354 ) <`tallison1' `at' `twmi.rr.com'> on Tuesday June 07, 2005 @09:29PM (#12754161)

    This is so far ahead of it's time I just don't know what to say...

    I can't send more than maybe one or two MB of data through my email.

    But I can easily shove a 1GB USB stick up my ass and walk out past the guards.

  • This isn't funny as it has resulted in more than one person being terminated because of what was called "inappropriate" material (meaning someone COULD have taken offense to it. Remember...Charlie is Watching!
  • by Average_Joe_Sixpack ( 534373 ) on Tuesday June 07, 2005 @09:32PM (#12754190)
    For example if I include the name of one of my company's products plus "bug"/"flaw"/"crash" then I can expect a follow-up scolding from HR. (I found this out the hard way) Course that's cake compared to the other spying and practices that go on.
  • Get a job checking outbound email for espionage.

    Seriously, there are so many ways to get info off computers your best bet is to focus on hiring decent people. Not infallible, just the least bad option.

    I bet the same companies that are doing the email snooping have their employees send their username and password as cleartext while checking their email from countries with competent foreign intelligence services.
  • Yeah this is great (Score:5, Insightful)

    by Azureflare ( 645778 ) on Tuesday June 07, 2005 @09:33PM (#12754193)
    But how many plan on reading AIM conversations their employees are having?

    My corp uses AIM for internal communications, and I am really disturbed by this. I'm amazed the local admins have allowed this to go on. Basically all our conversations are going through AOL's servers and the internet, in plain text. And there is ABSOLUTELY no reason for this, since we're all on the local LAN.

    I'm planning on setting up a jabber server on the linux box there, but it may be a chore getting employees to switch from AIM to something like gaim or trillian (does trillian support jabber?)

  • to work for yourself. Being self employed is very hard but rewarding. :)
  • Well (Score:4, Insightful)

    by Rew190 ( 138940 ) on Tuesday June 07, 2005 @09:35PM (#12754214)
    Well, the gut reaction is to say this a bad and terrible thing (also a bit silly, as it seems to me that anyone with any technical know-how would just use internet-based mail to get sneaky anyhow), but really, if you're on their payroll, isn't it well within their right to make sure you're not doing damage to them?

    At the very least, it seems like a good way for the companies to weed out the idiots who would be stupid enough to send questional material through their servers.

    Yeah, it sucks to be being watched and not trusted like that, but this shouldn't outrage anyone. They'll probably reverse their policies when the costs of something like this start racking up with nothing to show for it.
  • ..tell them about webmail. They'll NEVER see that coming.
  • My workplace is one of the many that has a "No camera phone" policy (thankfully not enforced). It really doesn't make any sense. There was a good Dilbert strip [typepad.com] that sums it up pretty well.
  • i refuse to use email at work!
  • by Timbotronic ( 717458 ) on Tuesday June 07, 2005 @09:39PM (#12754241)
    As with most draconian Big Brother initiatives this one won't work. What's to stop employees from just logging into a private webmail account over HTTPS and sending information out that way? Unless employers block browser access, search people for USB keys, iPods, floppies etc there's a dozen ways information can be leaked out of a building.
    • by Anonymous Cowdog ( 154277 ) on Tuesday June 07, 2005 @09:57PM (#12754371) Journal
      >What's to stop employees from just logging into a private webmail account over HTTPS and sending information out that way?

      Keystroke logging.

      So if you're an employee who values privacy and wants to send a bit of private personal email once in a while on your personal web mail account (say, gmail), the only way to retain that privacy is to either do all that mail through a cell phone, or install an OS that the IT people don't have a keystroke logger for. Where I work all our computers have the corporate spyware installed from day one. To have privacy, you have to find some obscure Unix distro (Red Hat isn't obscure enough; they have that covered too) and use it.
  • Having just read everyone's e-mail I know, I would be GREAT for the job. Where do I apply?
  • Only time will tell whether reading employee email is good or bad for a company.

    What's the effect on morale when everyone knows their email is being monitored? It will probably generate resentment, which leads to people selling out to the competition.

    And what's to stop someone from saving some piece of information on a USB key, then sending that out by FedEx? Maybe email is the easiest thing to use, but there are lots of other ways to send data.

    The more I think about it, the stupider it sounds. I thin
  • by Anonymous Coward on Tuesday June 07, 2005 @09:43PM (#12754271)
    From: steve@apple.com
    To: paul@intel.com
    Subject: Execute Order 66

    Dear Paul,
    let's do it,

    signed

    Steve

  • by Anonymous Coward on Tuesday June 07, 2005 @09:44PM (#12754279)
    Really. This wouldn't affect me in any way, because I never use work time for personal business, and I like my boss! He's so clever and intelligent.

  • As if anybody shrewd enough to be stealing corporate secrets (and presumably selling them to the highest bidden?) isn't smart enough to encrypt it, or, god forbid, send it through another mail server.
  • I can only assume they are looking for accidental information leaks. Obviously anyone interested in sending uncensored email would use Yahoo or Hotmail or something. Or a phone. Or whatever. Anything but corp email. Do they really think this will be useful? Is it really worth losing any good faith between management and employees? Forget about privacy. It seems like bad business.

    -matthew
  • Every single work e-mail I send is legitimate.
    (as long as I can SSH home and use PINE to send all the personal e-mail I want)
    Who really wants to use Outlook anyway?
  • by Waffle Iron ( 339739 ) on Tuesday June 07, 2005 @09:51PM (#12754321)
    It's not hard to hide your email information leaks from snoops, like so:

    2004 Request for temperature compensation aggregate mixtures: Aggregate mixtures are 3% above nominal for the first period, requiring a 8% reduction in admix composition between junction intervals. All temperature compensation is within target limits for the period ending 3/7. Urgent sell all your stock asap; the SouthEast deal has totally fallen through, we've lost all licensing rights and we're going to post a huge loss and massive layoffs next quarter, when this goes public on Thursday our price is going to fall off a cliff. Secondary filtering activity has increased by 27% this period, followed by tertiary filtering increases of 5%. Verification requested.
  • ROT 13 (Score:3, Insightful)

    by 3770 ( 560838 ) on Tuesday June 07, 2005 @09:51PM (#12754325) Homepage
    I bet even ROT13 "encryption" would defeat the corporate censors.
  • I travel most of the week for my employer, so I use my business laptop after work hours for personal e-mail. My employer has the right to read everything I do on my laptop (including this comment). I even balance my checkbook on my work laptop - theoretically, my employer could view every purchase I've made for the past several years. That's too freaky.

    Where do most companies draw the line? There is serious potential for abuse.
  • If you don't trust your employees, you make them untrustworthy.

    If you don't trust your employer, you make them untrustworthy.

  • by yagu ( 721525 ) * <yayagu.gmail@com> on Tuesday June 07, 2005 @09:59PM (#12754385) Journal

    This is oh-so-wrong on too many levels! One (that's too many.)! There are so many ways for employees to betray a financial or corporate trust. Likewise, there are many ways for an employer to betray a trust. This would, in my opinion, be one of the most onerous with many potential avenues for backfiring.

    Consider the disgruntled or dishonest employee. Think they're intent to betray a company is stopped by this policy? Not a chance! This kind of "policy" would only bolster a disgruntled employee's rationalization/justification, etc. to follow through with betrayal. They only need choose some mechanism other than e-mail and there are many.

    Now, consider the neutral employee... a policy like this could create a tipping point and generate resentment enough to give cause to consider doing something subversive to a company. After all, the company, by fiat, is essentially assuming an employee is "up to something".

    Finally, consider the loyal employee (how many of those will there be after widespread policies like these?)... A quick glance around and loyal employees may begin to wonder what end from loyalty....

    No, this is just plain bad policy.

  • what kind of an idiot leaks confidential information through their corporate email address? at least use a private email account from a non-work computer.
  • ...due to growing concern over sensitive information leaving the enterprise through email.

    While there's some truth to this, one has to ask the question why employees would leak sensitive info. Could it be because the employees are maltreated, the company isn't doing a good job in selecting hires, or a combination of both? Besides, wouldn't it make more sense to copy sensitive info to a flash drive or CD-R, and just e-mail it from home in the first place?

  • Lucent / ATT does it (Score:3, Interesting)

    by jpostel ( 114922 ) on Tuesday June 07, 2005 @10:08PM (#12754453) Homepage Journal
    Or at least they used to. I worked at Bell Labs in 1997 and one of my co-workers was escorted out of the building by security. He was discussing one of his projects with someone that he went to grad school with via email. It's not like he was selling info to a rival company, but he broke is confidentiality agreement and they fired him.

    What's funny about this is that I told him they recorded every keystroke on the UNIX boxes (no one used Windows except for Word and Excel) and that they had a visible and hidden copy of the log file so they could compare. They probably had a third, but I only found the first two.

    In today's companies, I find it amusing that they would claim to hire people to sift through outgoing email. My company won't hire people to train internal staff to do their jobs. Instead they pay people to correct the mistakes. It's a joke.

    I've had to read peoples' emails when HR asks for emails related to a specific topic (usually legal), and I can tell you it's like washing someone else's laundry: it's voyueristic at first, but after a while, it's just dirty laundry.
  • Elliott Gould had a longish monologue in the Vietnam-era movie Little Murders that could prove useful. Occasionally address the content of your mail to your spies. Sympathize with their boredom and loneliness. Let them know you forgive them and you know they didn't expect to grow up to be mail snoops. Let them know that you are lonely too and rail against the ennui of the two of you placed in this soul-sucking juxtaposition of pointless futility and faceless emptiness. What might life have been and wha
  • by TheNucleon ( 865817 ) on Tuesday June 07, 2005 @10:12PM (#12754482)
    ...will begin reading their incoming e-mail.
  • This whole abandoning privacy and spying on each other thing is so cool. I can't wait to become an oppressor!
  • by Deagol ( 323173 ) on Tuesday June 07, 2005 @10:14PM (#12754502) Homepage
    Anyone really clever enough to cause serious damage from the inside can do better than email. Besides, draconian measures like this are ultimately self-defeating in the end. If you treat your employees with disrespect and distrust, the employee reciprocates with equal disloyalty.

    I once worked at a small software firm (50 emplyees) and we "merged" with a larger one. What was once an open workplace of mutual respect quickly became one location of seemingly untrusted drones. The new corporate office demanded a firewall, so they could watch what we visited. They snooped people's Exchange folders. Etc.

    It had never occured to me to betray my employer. But when they started treating us as untrustworthy, my fellow admins and I came up with all manner of methods to thwart the security measuress. It helped, of course, that we were privy to those measures, which we were sure to disclose to fellow workers who had no idea.

    And you'd better be *really* thorough with that Acceptable Use Policy. :) Sure, you can watch what I visit on the web, but it may only *seem* innocuous. One user on the inside may be sending weird HTTP requests to a legit-looking site. But in reality, those requests are lines of an ASCII armoured PGP file (properly URL-encoded, of course).

    I don't care if it's the company email server, on company time, yadda-yadda-yadda. And I don't care if the ream of paper I signed to put food on the table gives them the right to records phone calls, archive email, and takes ownership of portions of my brain -- 'cause they *all* do it these days. It's not outright collusion, but the end result is pretty much the same.

    If the company expects me to interrupt home/private time for their beneift, they'd better damned well respect my privacy on the job, because there's little time to tend to personal affairs requiring 9-to-5 services otherwise.

    "That badge don't make you right."

  • Meanwhile, don't mind those people walking off with that case full of tape storing all of your company's sensitive information entirely unencrypted.

    It really is disturbing to see how many companies think that becoming a Big Brother figure to their employees is a reasonable or effective substitute for a good---or even any---security policy.

  • by abulafia ( 7826 ) on Tuesday June 07, 2005 @10:20PM (#12754534)
    One one hand, liability concerns drive this kind of crap. We have too much law. (Yes, this means you, those of you who want to bind corporate hands at every turn - SOX means bosses reading your email, in many cases. Hope you enjoy sticking it to your ass, I mean, the man.)

    On the other, this just means smaller companies will get better employees who don't want to be drones. That's one of the reasons I started my own - I hate oversight, and am bad at playing employee.

    On the gripping hand, ethics are important. And they're hard in large companies. To some extent, if you're a large corp, you need process in place of understood ethics, because the former is enforcable and the latter much less so. I still think the balance tips to small corps. But then, we can't turn out replacement Apple CPUs, so our role is constrained.

  • They don't have to waste much in terms of monetary resources... The companies can simply license Google PigeonRank technology [google.com] and let pigeons scan the email for leaks. The only cost would be licensing to Google and food for the pigeons, and possibly the computers they peck at if they're not planning on giving them used computers to work with.
  • Law shmlaw (Score:3, Informative)

    by Moiche ( 840352 ) * on Tuesday June 07, 2005 @10:22PM (#12754551)
    In response to the numerous posters wondering whether the practice of monitoring employee email is legal: the one thing you can be sure of is that anyone who tells you straight yes or straight no doesn't know what they are talking about.

    Believe or not there are actually at least four different bases [harvard.edu] on which you could (but probably won't be able to successfully) argue for a right to privacy with regard to email communications sent from work:

    (i) The Fourth Amendment to the U.S. Constitution, which reads: "[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures" -- but which only applies toward government action (although some pretty surprising apparently private actions can qualify as "governmental");

    (ii) the Electronic Communications Privacy Act (ECPA), which covers email, and prohibits "(1) unauthorized and intentional 'interception' of wire, oral, and electronic communications during the transmission phase, and (2) unauthorized 'accessing' of electronically stored wire or electronic communications." -- but allows exceptions for companies which provide internet service, and does not apply if the employee consents to ECPA violations;

    (iii) State statutes, which obviously vary wildly from state to state. The article that I'm using as my primary source notes that " Members of state legislatures have attempted to pass bills that would strengthen the protections of workers against electronic monitoring in the workplace, but they have generally failed because of sustained and effective corporate lobbying." (*mweheheheheh*).

    (iv) Common law (which also varies from state to state) which sometimes recognizes an "actionable right to privacy" -- but under different caveats in each state.

    Ummm . . . so yah -- it's complicated, so much so in fact that it's an open question in various states whether or not its legal. Also -- not surprisingly -- the legality of the monitoring will often depend on the purpose of monitoring, the purpose of the communication, sometimes even the industry you're working in, etc. Good luck figuring it out -- especially if you signed a (now practically standard) agreement allowing your employer to snoop through your work emails at will.

    Generally, when the law is this fuzzy, corps will do whatever is in their best interest, and count on their lawyers being better than your lawyer if you sue. They're generally right. So assume that your workplace email communications are being monitored. We are the point now that it is never a good idea to send via email something you wouldn't mind all your colleagues seeing. Use Yahoo! or Gmail and at least make it a challenge for BigBroCorp to keep tracking of your on the job dicta. Of course, sending risque stuff from your workplace email may be your chance to be [snopes.com] famous [snopes.com]. Hehe.

    Regards,

    Moiche

  • by caxis ( 855664 ) on Tuesday June 07, 2005 @10:59PM (#12754749)
    I work for a life insurance company and just wanted to point out that any information systems that contain or have access to EPHI (Electronic Protected Health Information) are bound by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) which specifies in more than one part that measures must be taken to ensure EPHI is kept confidential. This INCLUDES monitoring outgoing e-mail. My company is small, our IT department consist of 4 programmers, a network admin, 2 help desk people, a production operator, 3 business analyst and a manager. We don't want to be bothered with this crap, but we are obligated by law.
  • by shodson ( 179450 ) on Tuesday June 07, 2005 @11:07PM (#12754790) Homepage
    I keep seeing posts on Craigs List in the "Gigs" sections titled "Get paid to read email" but they are usually deleted by the time I read the the posts through my RSS feed. Maybe this is what these are all about: companies can outsource their email reading to an overseas Asian country, that'll really keep security nice and tight!
  • by jeanluc.bonnafoux ( 611600 ) on Wednesday June 08, 2005 @02:05AM (#12755442)
    In France, the situation is the following: A corporation can anly read emails concerning business. The emails sent from a corporate email account but concerning private matter can not be read. The problem is: how can companies know if an email is a business or a private one ? AFAIK, in France, we often are asked to put a special word (eg: private or personnal) in the title in order to avoid scanning.
  • Even funnier (Score:5, Interesting)

    by YrWrstNtmr ( 564987 ) on Wednesday June 08, 2005 @07:25AM (#12756323)
    How many people take their work laptop home every day? Company doesn't want you to leave it on the desk...too easy to get stolen. So they get taken home every day.

    Company secrets leaking out through email? Hell. 80GB walking out, as per company rules, in my backpack every single day.

  • by snero3 ( 610114 ) on Wednesday June 08, 2005 @08:22AM (#12756645) Homepage

    I used to work for a university in the MBA school. In order to get the best possible professors for our students we had to allow them to do consulting for large companies on the Uni's time as we couldn't afford to pay them what the going market rate was. This practice was regulated in that they could only spend 30% of their time consulting and they couldn't use any of the schools recourses (IE letter heads, websites, secretaries etc..). Now on the face of it this worked well for both parties as we got the best from industry plus the profs got the salary they had come accustom to. However, as human nature would have it, the profs got greedy and started abusing their position and students started to take notice that the very expensive course they had just paid for was suffering. So as IT we were charged with implementing all sorts of monitoring to gather evidence of these facts to weed out bad apples, otherwise the school would go bust and 100's of people would lose their job. The loss of privacy I can live with, the loss of a single mum's job because of a greed fat man I can't. If faced with that decision again, I would make the same choice in a heart beat.

    There is also another good reason for this which is not entirely related to sensitive information leaving the company via company email and that is the sexual harasment/bulling. It is necessary to monitor email to limit this kind of activity before it blows up in your face. We recently did a audit of email boxes and found that 60% stored what would be considered (by law in Australia) as a offensive amount of porn that the company could be and would be held laibale for. What was worst was massive internal/external mail groups that were being sent to. I have no problem with porn (of the legal kind) just view it and send it on your own time. No one likes to see you spanking it at your desk!

  • by v1 ( 525388 ) on Wednesday June 08, 2005 @08:54AM (#12756951) Homepage Journal
    Anyone using someone else's communications technology should not expect their communications to be private from the owner of the technology. This includes phone, email, SMS, etc. I take it for granted that if I'm on the phone with someone there may be a lineman down the block testing the phone lines and may overhear part of my conversation. I don't believe my employer is currently reading my email, but I totally believe in their right to do so.

    The only reason there aren't more employers monitoring email is simply due to a lack of manower to do it.

    Bottom line: never assume privacy. Only assume better privacy by actively employing measures yourself. (pgp etc) And of course if you're using pgp on on your employer's computer, isn't that a major false sense of security? (if it's not owned by you, consider it 0wn3d)

"The following is not for the weak of heart or Fundamentalists." -- Dave Barry

Working...