In Australia, Bosses May Get Power To Snoop On Emails

Numerous readers noted the proposal by the Australian government for legislation to allow employers to snoop on employees' email and IM conversations. This is being proposed in the name of protecting the infrastructure from terrorism. The attorney-general cited the Estonian cyber-attacks as a reason why such employer monitoring is necessary in Australia — never mind that the attacks were perpetrated by a lone 20-year-old and not by a foreign government or terrorist. The law permitting intelligence agencies to snoop on citizens without permission expires this June, leading to the government's urgency to extend and expand it. The chairman of Electronic Frontiers Australia said, "These new powers will facilitate fishing expeditions into employees' emails and computer use rather than being used to protect critical infrastructure. I'm talking about corporate eavesdropping and witch-hunts... If an employer wanted to [sack] someone, they could use these powers."

really?

[ILuvRamen]

I had no idea it was illegal now! Here in the US it's like if you don't own the computer cuz it's a work computer and you're on the work's connection, they can spy on you all you want. It seems completely logical to me and not even really an invasion of privacy cuz you should be ohhhh you know, DOING WORK lol.

Re:

[JustShootMe]

To me, this is just another manifestation of peoples' sense of entitlement.

Re:really?

[QuantumG]

uz you should be ohhhh you know, DOING WORK lol.

Talking to your union rep is doing work.

Re:really?

[JustShootMe]

Then don't do it on company resources.

In that situation, you should consider anything the company owns as being enemy territory - and consider it the same as talking to your union rep while the boss is in the room. Find some other way. There are plenty. Maybe take your laptop to a starbucks and send an email there.

Re:

[Falladir]

you should consider anything the company owns as being enemy territory

That sounds like a crappy life. ...wait...actually, I already operate like that. But the enemy doesn't have the resources to surveil me. Hmmm.

Re:really?

[QuantumG]

You have a right to talk to your union rep on company resources... in many companies the union rep is paid by the company.

Not everything in the world is the same as it is in the USA, kids.

Re:

[JustShootMe]

Then use the phone or meet with him/her in person. There's no way to tell when an email is "privileged" or not.

Re:

[compro01]

IMO, any union communications should be privileged automatically.

Re:

[JustShootMe]

But there's no way to tell that until it's already read, and at that point the damage is done.

Re:really?

[QuantumG]

Which is why employers shouldn't be permitted to read employee email.

Thanks for catching up with the rest of us.

Re:really?

[JustShootMe]

No, which is why you shouldn't send sensitive personal emails over a corporate network.

Thanks for being condescending.

Re:

[rtb61]

The reason why employers are entitled to read employees email sent from the employers email server with the employers email address is because the employer is legally liable for the contents of the email. The employee as far as any receiver of the email is concerned sent that email of behalf of employer and the contents of that email reflect the intents of the employer.

To avoid hassles, I simply opened up the email log file to all employees, so that any employee could peruse any other employees email, no

Re:

[pete-classic]

Yes, but surely not the work you're being paid to do.

-Peter

Re:

[Idiomatick]

IF it were well explained before i was hired that they did this i would be ok with it because i could get a different job if i felt it too draconian. Companies need warning labels "will read your personal emails" "will search through your blog and facebook accounts" "will ask you to cover up our incompetence" and that sort of thing.

Re:really?

[wvmarle]

As an employer actually I consider it a right to know what my employees are doing. When using company resources (telephone, e-mail, Internet, whatever) then of course an employee has a right to use it for personal matters, but that should be limited to the necessary.
For example, if they have to call their bank, then it always always must be done during office hours. But calling their lover that can be done after office hours.
For e-mail: most people these days have an e-mail address already. Personal things they should send using that e-mail address. Work things are for the company provided address.
It would be scary for me to not be allowed to check on my employees, to see that they are doing what they are paid for. Scary to be never allowed to read their e-mails, when I deem necessary (hasn't happened yet but it's possible) - the most likely situation for me would occur when a customer says "I sent that to this employee", who happens to be on vacation then, upon which I'd start looking through their company mail box.
An employee should know that this is company resource, and the company also should have a right to check/limit the usage.

Re:

[coaxial]

It would also be scary if you couldn't listen into their phone calls. But alas, that's already illegal. Why? The telephone privacy laws were passed in a much simpler time, when employees were viewed as people and partners, rather than "human resources."

Re:

[wvmarle]

One can always here half of the conversation.
Then there is still the practical problem that my staff is usually talking in Chinese... I can understand it only partly (enough to figure out what it's about) but when using Mandarin I'm lost :)
But still I get a monthly overview of phone numbers dialed (those out of Hong Kong) in the phone bills.

Re:

[Vellmont]

It seems completely logical to me and not even really an invasion of privacy cuz you should be ohhhh you know, DOING WORK

So if I take 5 minutes out of my day to make a doctors appointment, it should be totally cool for my employer to listen in on all the details because I should be "doing work"? I don't know where you work, but most workplaces outside of Taco Bell have a tolerance for short entries of your non-work life into the work day.

I'm not sure what the difference is if it involves a computer. It ma

Re:

[Martin Blank]

If you're in the US, most states mandate at least a couple of 10-minute breaks per day, and even in those states that don't, many employers allow for this. Other than that, do it on your lunch break, or before or after work. There's a lot of time to get on the calendar.

Re:

[Architect_sasyr]

Ok as an Australian SysAdmin and after discussing this with a few of my Sydney based counter-parts today we've come to the following couple of points:

1. A phone conversation may not be monitored or recorded without prior consent from both parties. This is exemplified in calling the local telco and being told that our calls may be recorded for training purposes (my ass) and if you don't like it tell them so
2. Web traffic log generation is covered by the usage policy on the network. Providing they've signed

Re:

[Jacques Chester]

So even if we have agreed to allow our SysAdmin permission to read our emails, should we wish to it can be taken to a federal agency and acted apon. It is thus illegal to read emails, regardless of what they have signed. If someone with more info on this than me could enlighten me further, be much appreciated.

That's pretty much the problem they're trying to solve, as I found out by ringing the right office: http://yro.slashdot.org/comments.pl?sid=521210&cid=23060106 [slashdot.org]

Re:

[Architect_sasyr]

It's so great that someone is willing to put in the phone miles to save my slack self doing it. I'm going to turn my spam filters off now and ask for a pay upgrade - damages for being forced to perform illegal operations ;)

Well if you're ever here in Adelaide drop me a line. Reckon I owe you a beer for doing the hard yards for the prolongation of the discussion.

Cheers

Eh.

[JustShootMe]

If the company owns the machines and the network, then the company is able and allowed to watch everything you do - particularly if you signed an employment agreement consenting to it.

This is not news. Frankly sometimes I think privacy advocates overreact - and I think this is one of those times.

Farewell, 9-5 Slashdot...

[Thornae]

I guess this is the last time I'll be posting from my (Australian) work computer.

Confused

[EdIII]

Are we talking about a government or the corporations?

If it's the government then they need to FUCK OFF. There is no reason for government mandated spying of corporate infrastructures. Period. If that is what is happening, then I can understand the uproar.

It it's the corporations, then everybody needs to calm down and put things in perspective. Corporations have EVERY right to watch what you do at work. It is not even "spying". If I hire somebody to fix my toilet, then although it may annoy them, I ca

Re:

[_merlin]

Corporations have EVERY right to watch what you do at work.

No they don't. In fact, in most of the world, they aren't allowed to spy on you without your consent. The USA just has a pathetic lack of privacy laws. Judging from your post and others like it, they've also brainwashed the population into accepting it. I don't want my freedom eroded any more than it already has been.

Re:

[mark-t]

No they don't. In fact, in most of the world, they aren't allowed to spy on you without your consent.

Why not? While they certainly shouldn't be allowed or permitted to spy on one in their own home or while they are on one's own time, if somebody is being paid to work, why should the employer have any less right to watch what they do than, to use the example the GP suggested, your own right to hover over the activities of the person you hired to fix your toilet? If a person isn't comfortable being watched

Re:

[Asic Eng]

Spying on someone and watching someone are two distinct different concepts. When your boss watches you, you know that he's there doing that - when your boss is spying on you, you may not be aware of it. Using your concept of watching what the plumber is doing: in the first case you are standing around looking at his work - in the second you install a video camera to secretly observer him. People are very uncomfortable with the second scenario - they feel violated. That's why companies shouldn't be permitted

Re:

[EdIII]

Why is it so hard to understand that practically EVERY company started out from the ground up? What is so different about a "mom and pop" startup and a 50+ year old company?

I understand that companies should not have rights, that people do. Well the "people" that own the company should have the right to monitor, audit, evaluate, etc. their employees.

Your distinction between spying and watching someone is irrelevant. While "spying" may be disconcerting to some, it is the only way to perform audits of corp

Re:

[Asic Eng]

I don't know why this is so difficult to understand: not everywhere in the world people follow US rules. In particular this discussion is not about the US, it's about Australia. I doesn't matter much what US employee manuals say in this context. And if you start your own company you will obey the laws of the country which you are in - if you don't like that go someplace else.

Well the "people" that own the company should have the right to monitor, audit, evaluate, etc. their employees.

What rights company

Re:

[EdIII]

Alternatively you can just keep saying "they should have this right", but that's not very interesting, and I think they shouldn't.

That's the only part of your post that I am interested in. I am not talking about the LAW. Laws are not "right" just because they are a law, and I am not even arguing about the laws in either the US or Australia in the first place. I am arguing about whether or not employees should be entitled to privacy at work in the first place and why.

You said, "I think they shouldn't". P

Re:

[Asic Eng]

It's really about the kind of country you want to live in - it's a choice. I don't want employers to have the rights to snoop on people who happen to work for them, because I want to live in a free society despite the fact that most of us will have to be employees of someone else. I also don't think that e.g. technically-oriented people are less valuable to society than entrepreneurial-oriented people, both are needed to build a successful economy. To me that means that one of these groups doesn't have the

Re:

[Moridineas]

in the first case you are standing around looking at his work - in the second you install a video camera to secretly observer him. People are very uncomfortable with the second scenario - they feel violated. That's why companies shouldn't be permitted to do it.

Interesting--the building I work in has two security cameras (we've had multiple breakins and the boss can pull up the images on his phone if the alarm system triggers).

We've never had a single employee complain that there are two internal cameras. Not one person has mentioned. Perhaps you are assuming that more people feel "violated" by cameras than actually are?

Companies don't have rights, people do.

So entrepreneurs lose their rights because they are being gasp dirty capitalists? If you want to go down the path of enumerating each and every

Re:

[CodeBuster]

The USA just has a pathetic lack of privacy laws.

The founding fathers were loathe to add too many things which they considered to be obvious to our Constitution because they were afraid that if things were enumerated to explicitly they would eventually become the only rights guaranteed to the citizens. Hence the broad language and latitude on matters not considered absolutely essential (like the Bill of Rights and there were arguments about whether to include that as well for the same reason described above). The fourth amendment concerning unlawful sea

Re:

[EdIII]

That's right.... I'm brainwashed. I did not immediately put on my "tin foil" cap, or adjust it, and start frantically typing into the keyboard about how governments and corporations are evil, and how certain governments are pathetic and that my rights are eroding! my rights are eroding!

I'm just as fanatic about privacy, anonymity, and government corruption in this world. I just have a "brain" and I like to use it too.

Judging from YOUR post and OTHERS like it, you seem to have an unrealistic, unethical, fa

Re:

[EdIII]

I find it very disturbing that you believe a private company has more right to spy on you than the Government.

I find it VERY disturbing that there are people that think otherwise. It's amazing the misguided sense of entitlement that some people have.

If we are using the US as an example, then I believe that we BOTH have the rights to the following:

1) "life, liberty, and the pursuit of happiness" so long as it does not affect the ability of someone else to "life, liberty, and the pursuit of happiness".

2) Pri

What happened?

[lelitsch]

I thought Australia voted John Howard out of office last year?

Re:

[dbIII]

Other important offices haven't changed yet though. Attorney General

Incorrect, there is a new Attorney General. While Australia is technically a monarchy in many ways it is actually far less so than the USA. The equivalent of the leading party in congress (called Parliment in Australia) appoints the executive leader (Prime Minister) who then appoints positions such as the Attorney General and Ministers of each department responsible for police, defence, roads etc. These positions are all filled with ele

How dare you....

[stox]

let facts get in the way of a politician's perfectly good diatribe. After all, they know more then you do, thanks to the taps they are already monitoring.

That count for MPs, too?

[whitehatlurker]

Since Parliament is subject to the will of the people, you too can now read your MPs email. Demand that and see what they say ...

PGP?

[homebrandcola]

Time to make sure my PGP certificate is still working ....

Let my employer keep business-originating communic

[icepick72]

If a corporation wants to sack someone they will find reasons besides snooping on email or IM -- that's just another tool in the arsenal but won't change anything. Should an employer have the right to read employee's conversations? I say yes, but only if the conversation has occurred using the business infrastructure like business email, IM from inside the business, etc. To draw lines, all that stuff should be available to the employer and the employee should be aware and use restraint. If an employee wants

Re:Let my employer keep business-originating commu

[Zorque]

I agree. While I don't really think an employee has to be busy doing work for every minute of the work day, they really shouldn't be using company time and resources to be doing a whole lot of personal business, especially any of the kind that would get them fired or arrested. The occasional e-mail or the nightly call home to the kids are fine as far as I'm concerned, but there's a point when it's too much.

Employers can already legally snoop on emails

[dropbearsrus]

IANAL, but my understanding is that it is already legal for employers to monitor any and all use of employees emails, IM, etc. The company owns the computers so they can do what they want with them. There is no distinction between work-related and personal emails if they were sent or received using company resources.
The Attorney-General says otherwise which is a surprise to me, and also I'm sure to much of the business and legal community. The legal advice to several businesses I've worked at, is that the

Re:

[Renraku]

The Hell They Can! (tm)

While this is true, they DO own the infrastructure, this doesn't give them the right to snoop on your communications. Consider using the phone..should they be allowed to record and listen all your phone calls? What about those dirty pictures you have in your sent folder on yahoo mail..should they be allowed to access those too?

The way it works in the USA is this. If the company owns the infrastructure, and the email is business related, they can snoop at will. If your email is ext

Re:

[deniable]

Yep, but in NSW they have to give you two weeks notice of monitoring. At least that's how it used to work.

They can't monitor phone calls because of the Listening Devices Act. (Which is why when you ring a call center, they have to tell you that they may record the conversation. You give them implied consent by continuing the call.)

In the US

[LS]

It's quite common for employees to have no expectation of privacy regarding corporate communication. Perhaps things should change in the US as well...

LS

It's a beatup about a non-story.

[Jacques Chester]

First I rang my local member, who referred me to Julia Gillard's office (she made the original idiotic statements). Her office referred me to the Attorney-General's office, as that's where it's coming from.

The nice functionary I spoke to there said it's a media beatup. Under Australian law it's illegal to intercept the communications of a third party without a warrant. There was some wondering about whether passing emails through a virus scan qualified as warrantless interception.

Rather than going through some court case about to settle the matter, it was felt that it would be easier just to amend the Telecommunications Interception Act instead.

So that's it. There's actually no story here at all. Though it did provoke me to write an angry rant [clubtroppo.com.au] before I started doing what the journalists should have done in the first place - check the facts.

Re:

[Jacques Chester]

And by way of full disclosure, I should point out that I ran as a candidate for a different political party at last year's Federal elections.

Not! by a lone 20-year-old

[frn123]

> -- never mind that the attacks were perpetrated by a lone 20-year-old and not by a foreign government or terrorist.

This quote is far from reality. The lone 20-year-old was the only one who got convicted, because he was the only russian caught who
lived in Estonia. Meanwhile the bulk of the attackers got away, because they live in Russia. And russia don't extradite their citizens (remember the Litvinenko case?). If you can read estonian, :-) see this link: http://www.epl.ee/artikkel/392271 [www.epl.ee]

A crude transla

Already legal in the US...

[MadMorf]

...It's called, "I own the equipment and I'm paying for your time, so you have no expectation of privacy. Deal with it!"

While you are busy...

[Rickus Dickus]

Dear Australian government,

Since you are so eager to protect your country from evil bearded terrorists, I would like to suggest some other sensible measures:
- employers can beat their employees with a stick whenever they do something suspicious ('suspicious' should be left vague)
- employers can impound the passports of foreign or poor employees and lock them up all day in overcrowded shacks with no airconditioning.
- employers can strip-search male AND female employees for dangerous substances that cou

Two thoughts

[mr100percent]

1. Usually it's implied that if you're using someone else's network (ie that of an employer), they generally have the right to peer at what you're doing. At least, that's the general consensus among the /. crowd in the states.

2. The reason given sounds quite shoddy. Who launches terrorist attacks from a work computer?

Re:

[SHaFT7]

can't you already do this in the states?

Re:

[speedingant]

Also in NZ. It makes complete sense! They have every right to see what is going on inside their own company, and what activity is going on inside their network.

Re:

[JustShootMe]

Funny story - where I work there is a very liberal network use policy - you can use it how you like as long as your manager is happy with your work and you don't shut the network down.

Someone shut the network down, I think with a P2P site.

The network guys sit right next to me. They were having a great time tracking down the culprit. And even funnier is people were coming out of the woodwork saying "my bad!" when it wasn't even them!

But I was very much OK with that. That person was saturating the network

Technology will overtake this

[countach]

Technology will overtake this. When everyone has an iPhone or like in their pocket, who is going to send potentially compromising emails through their employer?

Re:Technology will overtake this

[ozmanjusri]

I will.

But then again, I'm a self-employed masochist.

Re:

[it0]

No it does not.

I like the following example.

Let's say you take a piece of paper and a pen from work home.

Using this, you write a letter to whomever.

Do you feel that your employer is allowed to read that letter?

I find not, do you argue, that it was not done during company time? There are many times during work that I think of non-related work items, or make a private call if necessary. I also do some research at home for work or have idea's that are work related.

There are 2 keywords here:
1) privacy: private

Re:

[it0]

Same goes for a private phone call.

Yet it seems to be normal. There are a lot of valid reasons to make a private call during work.

By your reasoning it's also ok for the employer to check the text message on your mobile phone.

In the end it's all about trust, if your employer doesn't trust you, either you did something wrong or your employer is paranoid.

Ok...so...

[interactive_civilian]

That's not a very good analogy... it doesn't take place at work. It doesn't take place during work hours. Finally, you aren't asking your employer to deliver the communication for you.

Take the same example as the GPP, but do it at work. You have finished your work, so you sit at your desk, take a sheet of paper from the notepad paid for by your work, write a letter to someone with the pen provided by your work, put it in the envelope provided by your work, maybe even go so far as to use one stamp that was also provided by your work, drop it in the company mail shute, and send it.

In that case, is it OK for your employer to open the letter and read it before it leaves the building?

Re:

[Anonymous Coward]

If you're using your employer's resources, they have the right to monitor anything on their systems that they damn well please.

What the heck would you expect?

If you're worried about it, don't use company resources for personal access. Is this really so hard to understand?

Sheesh. This liberal feeling of entitlement has gone way too far.

In reality, many employers don't care what you do, as long as it isn't illegal or interfering with the quality of work. However, they do retain the right to intervene if th

Re:In Kiwi New Zealand

[Cassius Corodes]

Its not so much the new rules that anger me, for employers have previously just asked you to sign an agreement giving them that right, its that way they are introduced as to "fight terrorism". If I was osama I would be laughing my head of every time a new law is introduced to fight terrorism. We are just handing them moral victory after victory and they are just sitting in a cave somewhere.

Re:In Kiwi New Zealand

[MrNaz]

It's not about fighting terrorism. It never was. It's about power pooling into the hands of the few.

Re:

[Moridineas]

I was osama I would be laughing my head of every time a new law is introduced to fight terrorism. We are just handing them moral victory after victory and they are just sitting in a cave somewhere.

Please supply any evidence or even just reasoning that would explain why UBL cares one whit about civil liberties? Or how it could possibly be construed as a "moral victory"? Anything?

I don't get it--do you REALLY think UBL is cackling because bosses can read employee's emails now? I think the fact that that's how you are able to empathize with him and the al-Qaeda mindset is laughable, but in the end, very typical of many westerners.

Re:In Kiwi New Zealand

[Cassius Corodes]

Its not so much that he cares about civil liberties, champ (can I call you champ?) its that he is a terrorist, and his main job is screw with your head. When people are willing to be inconvenienced, champ, for the sake of protection from terrorism - he has succeeded for he has made an negative impact on your life. Now whether or not osama really knows or cares about this is largely irrelevant.

P.S. I'm not sure what sort of intellectual masturbation led you to assume I empathise with osama but rest assured that its wrong.

Re:

[Moridineas]

Its not so much that he cares about civil liberties, champ (can I call you champ?)

You certaintly may, though I'm not sure why you would!! (out of curiosity--why would you?)

its that he is a terrorist, and his main job is screw with your head.

Ok, I completely disagree with this. His "main job" is not to "screw with" anybodies head--he has a series of discrete and explicit goals that he has repeatedly laid out. These include Western troops out of the Arabian peninsula. In fact this was one of his earliest causes and the one that made him target the US in particular.Troops out of Iraq is another one. Similar motivations took him to Afghanistan to fight the

Re:

[Cassius Corodes]

Sorry if I was rude earlier, you turned out to be more reasonable than I had assumed.

1. I just like calling people champ - champ.

2. Yes and no, naturally he does have specific goals (I doubt anyone thinks he is a terrorist for fun) his way of achieving those is thru terrorism, which is to "inspire terror" in a population so as to achieve their aim - (this is where I get the notion that its a way of messing with your head).

3. I would disagree

4. Indeed, champ.

5. While I am not a native speaker,

Re:

[zsau]

Yes, exactly. I was one of the numerous readers who submitted this story, and my write-up focused on that point. So has most of everything I've seen about this. I couldn't wait until the "terrorism" thing got so far stretched that it was obviously stupid to anyone who cared to look; I think with this piece of news we've finally got there. Now hopefully people will start thinking about the link between terrorism and a proposed infringement on our rights --- not constitutional rights, because we, as Australia

Re:In Kiwi New Zealand

[MrNaz]

As a small business owner in Australia, I would like to make it clear that I would never read my employees' emails even if I thought they were stealing from me. I consider privacy invasion to be wrong, and as the phrase goes, two wrongs don't make a right. Invading privacy to stop them stealing is as wrong as breaking into their house to steal back whatever they took.

It is not possible for employees, in the modern day and age, to sterilise themselves personally when they walk into the workplace. They still have friends they talk to, they still have families they think about, they still have pressing non-work issues they need to deal with. Expecting this to all disappear at 9am and reappear at 5:30pm is unreasonable, and as a business owner, I don't expect it of my staff, even though (assuming it's even possible which it isn't) it may increase productivity.

If I have an issue with a staff member stealing or doing something else that breaks the boundaries or law or morality, I don't want to deal with that issue by breaking the boundaries of law or morality. I can and will intervene to protect my business, but only if I don't violate their rights in the process. I have yet (in 8 years) to come across a scenario where I was not able to protect myself and still follow this principle. I don't believe I ever will. This experience affirms my belief that one does NOT have to trade freedom and/or morality for security and/or order.

Sheesh. This feeling of "anything goes" in the pursuit of security and law and order has gone way too far.

Re:In Kiwi New Zealand

[Moridineas]

I am not a small business owner, but I work at a small business in the US, and I would just add that at my company, there's little to no privacy. There are only about 15 people, and if someone is out sick, on vacation, on a business trip, etc--someone else will read their email to see if there's anything that has to be replied to immediately.

This goes for the bosses computer+email too.

There have never been any problems that I've heard of--I mean the general standard is, if you're reading someones email and you see its personal, dont read it. Just look at the business email. Not always possible, but it hasn't been a problem in my experience.

I don't really think most people use their business addresses for personal email very often incidentally--everyone seems to use yahoo/gmail/whatever. (I know I do)

Re:

[stupidflanders]

I'm from the US. I work in IT. At every company I have worked for, you must sign a technology use policy form. Here are some real life examples of people who have been fired for misusing company technology:

• * Using your company email address to apply for other jobs (lead to early termination).
• * Installing a cracked copy of a video game on your company laptop, and being found in possession of 2,000+ illegally downloaded MP3's (proved by network and IP logs). The cracked game also happened to contain a troj

Re:

[uhlume]

"Liberal"? Fuck off, troll.

Re:

[daranz]

At home, on a LAN separate from the Internet.

Re:

[jobst]

make yourself a linux box not connected to the internet with two accounts, send an email from one account to the other ... make sure you close the blinds so no person can read your screen and keyboard.

Re:

[JustShootMe]

Oh, but it you're using a CRT, make sure you're in a faraday cage too. And I'm not sure what they can do as far as listening on LCD displays, but I'm sure there's something.

Re:

[Idiomatick]

You can also read keypresses on wireless AND wired keyboards from a decent distance.

Re:

[Nefarious Wheel]

And I'm not sure what they can do as far as listening on LCD displays

Not sure how accurate it is, but there's a lovely bit of discussion about hacking a laptop remotely via RF during the jail scene of Cryptonomicon. At least enough for me to wonder if it wouldn't work in the ideal circumstances described there.

I started thinking about that the first time I heard an AM radio tuned to an SDS 930's M register. I figured -- someday some spook would be able to parse that noise.

Re:

[JustShootMe]

That's ridiculous. If your employer has any reason to snoop on you, they should just snoop on you. They may not have known about things when you were hired, and why should they be forced to ask you in person instead of finding the information on computers and network equipment that they own?

There is no entitlement when it comes to work equipment. If you don't like it, find a place that doesn't do it. And if every place does it, nothing stopping you from building your own corporation that doesn't. That

Re:

[techno-vampire]

I worked at one place where I was pretty sure that one of their standard practices was pointless. (Not bad, just useless.) I emailed a question about it to a friend with more specialized knowledge, but because I was doing it from work, I used my gmail account. Nothing on that subject when through the company's mail servers. Not that they were snooping, but they certainly could have if they'd wanted to, and it was the type of place where I'd expect it. (A corporate culture of micro-management and second

Re:

[JustShootMe]

They could have been monitoring the network too.

They likely were not as it's a lot of trouble, but don't assume that gmail is "safe".

I know where I work there is a packet capturing machine. I don't know what they're using it for, but I know it's there. And gmail is not safe from that.

Re:Sound stupid to me....

[DustyShadow]

You should use https://www.gmail.com [gmail.com] for a secure connection

Re:

[JustShootMe]

Ok. Doesn't stop keyloggers though.

Re:

[CodeBuster]

Then you take out your trusty knoppix CD and boot the machine into a Linux session before connecting to your g-mail account. Unless they are monitoring the computer at the hardware level (unlikely) then you are secure in the knowledge that that particular communication will remain private.

Re:

[JustShootMe]

For the truly paranoid corporation, there are ways around that too. No, they can't capture your gmail session, but they can come around and try to figure out why the hell your system just went down. OR they could just be using a hardware keylogger... and when it boots back into windows it dumps everything it gathered while in linux...

We're admittedly getting into the realms of what a truly determined company could do and most are not truly determined. But I know in at least one company I worked at if I'd

Blocked! Here's how to get around it.

[daBass]

Many companies are now blocking web-based email providers.

They usually block not only by known hostname or IP, there are some smart systems that can identify things like SquirrelMail. And an old favourite is also to block based on educated guesses, like "webmail.mydomain.com".

So the best way to get web-based email through is to run your own install, on a host/domain name that does not include "mail" and such. And use HTTPS, that way the proxy can't see you are using SquirrelMail or similar.

Re:

[techno-vampire]

If I'd been working for a company like that, I'd have waited until I went home and emailed from there. As it was, I've no reason to think there was any systematic snooping going on, it was just the corporate culture I mentioned above that made me want to be cautious. I didn't expect any packet sniffing, but snooping around the mail spool wouldn't have surprised me one bit.

Re:

[JustShootMe]

Even though I know that, I use gmail anyway. The policy is very loose, and I think it's there to aid in diagnosing or tracking down when something goes seriously out of whack. I'm not worried about it. But I know they *can*.

Re:Sound stupid to me....

[holophrastic]

Um, hi. My name is Bryan. I run a business in Canada. It's my business and I'm accountable for everything that it does -- as an officer of the corporation. And yeah, you'd better believe that I read my employees' e-mails. How on Earth would you expect me to be accountable for something that I don't know is occurring? There are plenty of ways to get an e-mail address. The one that I give to my employee is for business, it's a convenient tool.

And it's no different than the paper "inbox" on their desk -- which is, of course, also owned by me, both the box and the desk itself. And the fact that it's clean.

Re:Sound stupid to me....

[JustShootMe]

Bah. You should not be sending personal emails through a business address for exactly this reason. It's not the fault of the business for snooping, but the fault of the employee for being stupid.

Re:

[Martin Blank]

I go to great lengths to keep my work and personal lives separate. If work wants to get in touch with me when I'm not on-site, they can call my company-issued Blackberry. Aside from HR, which is not allowed to pass around my contact information, and my manager, who I trust to not pass around the information I allow to him, no one has my home phone number, and no one at all has my personal cell number.

If my friends or family want to get in touch with me when I'm at work, they can call me on my personal cel

Re:

[JustShootMe]

I agree with this. The lines are a little more blurry - they have my cell and home numbers. But if someone calls it and it's not an emergency they get yelled at. My boss even told me, if I'm not on call, I don't have to take any work calls after hours - *especially* because my phone is not company issued.

I'm never on call, at least for now.

In principle, though, I'm with you. If the site isn't down in such a way that I'm the only one that can fix it - they can leave me alone, and they know it.

I'm of this mind too...

[Cyno01]

Its a little different because im hourly, but the principal still applies. If im on the clock, thats their time, and vice versa, i'm a real bastard about it too.

I've been paged to the floor while on my lunch more than a few times, sometimes more than once durring my lunch break. I'm punched out for lunch (company policy) and required to take one (state law) i made my bosses fill out the apropriate paperwork for me to get paid for those interrupted lunch breaks every time. Although personally i'd rather not

Re:

[dbIII]

98% of all the enquiries I get about "lost" emails are personal ones, and about 75% of those are really people wondering why they haven't got a reply yet to some chain letter or joke. It isn't just a waste of one employee's time it is also yet another source of unpaid overtime for sysadmins along with the usual stuff like employees deleting MS Office so they have more room for mp3's of what is really elevator music. We don't want to deal with other people scheduling complicated love lives on work machines

Re:

[Moridineas]

Wow, so within the span of two posts you go from

I Enjoy living in Canada for a reason. They don't do that here. .. my boss is not allowed to do this.

to:

It's okay to be snooping in on certain emails

That seems to be a direct contradiction!

Re:

[setagllib]

Hey, take it easy on the MCSE :)

Re:

[JustShootMe]

Unless your workplace bans encryption that they do not have the keys to, which they have every right to do.

I think looking for privacy in the workplace is stupid. It's kind of like having sex in the middle of someone else's yard and getting mad at the owners for watching.

Re:

[JustShootMe]

And you might not. In all cases, just because they can doesn't mean they do.

Re:

[JustShootMe]

Be that as it may, this has nothing to do with that.

Re:Having worked in security in federal government

[JustShootMe]

Huh? What does what you have to go through to get a security clearance have to do with employers snooping through work emails?