Microsoft Lync Server Gathers Employee Data Just Like NSA 207
coondoggie writes "Microsoft's Lync communications platform gathers enough readily analyzable data to let corporations spy on their employees like the NSA can on U.S. citizens, and it's based on the same type of information — call details. At Microsoft's Lync 2014 conference, software developer Event Zero detailed just how easy it would be, for instance, to figure out who is dating whom within the company and pinpoint people looking for another job."
Assume all MS products are spying on you. (Score:4, Insightful)
Can see how own network, messaging is being used!? (Score:5, Insightful)
I'm shocked and amazed. A company running their own messaging server on their own network can see how it's being used?!
Next you'll tell me that my company's email administrator can see email I send at work, through the server they administer.
Re:Can see how own network, messaging is being use (Score:2, Insightful)
Yeah, and for the morons using company resources to look for a different job: don't. Use your personal cellphone, or something otherwise not funded by the company.
today. (Score:2, Insightful)
So, as corporate policy becomes more like that of highschool, and highschool policy becomes more like prison, we're all kept in adolescent, fear-driven hell just a little more, already well past the sell-by date. Meanwhile, lawyers and software vendors write laws and software to profit from this stunting of society. More at 11.
um, yeah ... (Score:5, Insightful)
Re:Looking for a job on company equipment? (Score:4, Insightful)
A company that has to spy on it's employees deserves, a better business model, new leadership and a tax audit.
Re:lots of products already do this (Score:5, Insightful)
ALL PBX type software does this.
Anyone who wants to be able to bill internally HAS to keep this metadata to do internal billing.
Its also something that has been collected for the entire 30 years I've dealt with phone systems, and its not like it was new when I first started in telephony.
You're pretty fucking stupid if this is news to you.
Re:um, yeah ... (Score:5, Insightful)
Be careful, you are dangerously close to implying that it is good employees and not obedient workers that are actually in demand.
Re:today. (Score:4, Insightful)
Re:Looking for a job on company equipment? (Score:5, Insightful)
Wow, people really believe this sort of shit?
If it bother you that your employees are looking elsewhere for a job, perhaps try harder to retain them? I have standing offers to work for a couple of places, places that make the top paying employers lists. At this point in my career I don't really have to "look" for a new job, I just stop ignoring the offers. Yet I'm staying where I am - and not based on pay.
Want people to stay when they have plenty of choices? Try not pointlessly hassling them over shit like "using company equipment". You'd have to get pretty extreme with that sort of thing before you'd cost more than the cost of hiring someone new and them coming up to speed, even if you were such a dick that you even pay attention.
Re:Your reality check bounced (Score:4, Insightful)
Most workplaces (at least those ive been to) have a computer use policy.
Yes, often the kind of warning you're talking about is included. And I have no problem with that, provided that it is made clear that the employer is also effectively hacking connections everyone is trained to think of as being secure, such as the on-line banking example a few of us have mentioned.
However, I don't think a typical "we might monitor this stuff" footnote is adequate disclosure in that context, because the point isn't the legal weasel words, it's whether the employee understands what the situation is and can choose to act accordingly. For example, an employee who understands the situation might decline to check their bank balance from a work computer when management responds to their question about a missing salary payment and says it should have arrived now.
And really, I dont see why you think you get to set the rules on someone else's equipment.
Don't make this about me personally. It's about employee rights as part of a healthy employer-employee relationship and, in this particular case, about the mutual trust that is fundamental to that relationship. I don't even work as an employee any more, BTW, so I have no personal axe to grind here.
The point is that employees are not slaves and do not forfeit all rights just because they're working for someone else for money. The entire legal field of employment rights and the entire union movement exist to balance the greater negotiating power of the employer, so the employer can't exploit their advantage to impose one-sided conditions. As a society, we've decided that we won't always let employers do what they want.
If you want to affect policy, you should probably get a degree or work experience in IT so that you can make informed recommendations. Otherwise I recommend you leave that to those who have done so.
Wow. It's a shame I'm posting pseudonymously here, because I'd enjoy seeing you discover the stunning irony of that suggestion.
Let me leave you instead with an alternative possibility to consider. Maybe I've actually worked with this kind of technology for a long time. Maybe I do understand the IT implications of what we're talking about, and I do know why IT departments might have a legitimate business need to use these tools.
But maybe I also see the legal/HR perspective. And maybe my position on this issue is motivated not by the arrogance of the naive young employee you seem to think I am but by observing the real consequences after deals were jeopardised because someone screwed this up. Maybe I've seen people find out the hard way that employees/unions/courts didn't support them as much as they assumed they would. It's actually not that unusual if you see, for example, a US business in an M&A deal with a European one, where the cultural attitudes and general legal stances on employees' rights are very different.
Maybe I've concluded that this is a silly problem that is almost entirely created by institutional arrogance and personal egos in management/IT, and that the problem could be almost entirely eliminated by more enlightened management/IT being up-front with their staff about what is going on and why it's being done, and sometimes by providing alternative mechanisms that avoid the problem without compromising security or compliance.