Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
News Your Rights Online

Stealth Software Used To Spy On Employees 248

Baraka writes "As if reading the e-mails of their employees wasn't enough, some corporations have gone as far as to install hidden software on their client boxes. The software secretly monitors all keyboard and app activity. At the end of the day, the gathered information is e-mailed to the "offending" employee's boss. Read it and weep, folks. Looks like Big Brother is alive and well in the officeplace. "
This discussion has been archived. No new comments can be posted.

Stealth Software Used To Spy On Employees

Comments Filter:
  • If your employer's doing this, it should be a case of invasion of privacy. However, it isn't since your employer owns the machine and network, and all rights to monitoring thereof. That's why you need to install Linux on it, and just fire up fvwm95 as a WM and your stupid Dilbert-boss will never know the difference...
  • Since office work began, employers have monitored employee performance. Scrooge expected his minions to keep up the pace, or be kicked out the door. Time-motion studies decades ago were used to identify what levels of output the most efficient workers would be able to produce.

    This is just a finer resolution of detail. Instead of measuring completed documents, they're measuring sub-units of the document.

    It's annoying, but it's no different than previous measures of performance.
  • With all this spying on office employees. I feel a lot of people will become paranoid. I'm predicting a few frivilious lawsuits as well. After all, who does like to be spyed on?

    If I get a job at a place that has "spying" software, I'll feel like I am being violated in some way. Not that I'd pull a lawsuit at my employers, but I'd bring my opinion to their attention.

    -PovRayMan
  • as long as they keep these things out of the (public high) schools for 2 more years... I wont have to be worrying about it =)...

    however, what exactly is so bad that the employer would think they HAD to take measures like this? I mean surely it would have to be something worse than the occasional porn break wouldn't it?

    another thought... what are the possibilities of this being installed on someone's system and used to steal source code or other valuable information for a competitor? this just has all sorts of bad uses...
  • by bjk4 ( 885 ) on Sunday September 19, 1999 @02:45AM (#1674069) Homepage
    I was quite surprised by that article. It began like a sales pitch -- listing elite customers including sensitive government agencies. Then it switched gears and talked about the moral implications of this type of software.

    Actually, in retrospect, this might be a ploy by the company to generate interest in its product. The more controversy surrounding this product, the more people who are informed about it -- kinda like Apple complaining about export policies in order to brag about how fast the G4 is.

    Personally, I think monitoring is not a good idea. If an employee can double his/her productivity by taking short breaks to chat with friends online, then by all means that employee should do so. It should be painfully simple to discover when someone is making trouble online. At that point, convensional methods should suffice unless special surveilance is required. In general though, spying on employees betrays trust.

  • I'm not advocating that this practice is a good thing (personally I think it's very bad and will lower moral). But we should really expect that this is going on everywhere we go. You see it in malls, stores, city streets and in corporate offices (don't be suprised if they're watching you in the bathrooms!) with not so hidden cameras (were are the hidden ones, hmm). This technology has been around for at least 8 years. Now with automated updates (via you corporate net logons) they can add/delete and monitor everything done with your PC.
  • WinWhatWhere will never get a penny from me... and I will always refuse to buy something like this for my employer.
  • by Hobbex ( 41473 ) on Sunday September 19, 1999 @02:49AM (#1674072)

    It seems American companies are willing to just about anything to spy and generally make life suck for there employees, but at the same time I keep hearing about how companies are scrambling to find people for there technical jobs.

    If having to worry about finding another job is not a problem, why would anybody stay at a company when it starts spying on you, forbidding you to send private email etc etc? Is this just a matter of greed, because I know that as far as I am concerned some level of freedom at a job is worth a number of K $s.

    Maybe I'm just not disillusioned enough yet...


    -
    /. is like a steer's horns, a point here, a point there and a lot of bull in between.
  • I'd quit. If an employeer wants my expertise they will respect my privacy or I'm gone. A company where managers spy on their employees is not a place worth working for.
  • If anyone really knows how a PC works, then that stuff is garbage.. You can find out what processes are running.. simple ast ctrl-alt-delete for task man.. If you really are a PC user then you can easily bypass any of that type of software.. ON the other hand, you are at work.. supposed to be working.. if you need big brother watching you then step aside and let someoen who wants to work work.
  • Isn't it illegal in some states, to video tape
    employees without them knowing? This software
    seems akin to video taping. I know if found out
    that the company I worked for did this I would
    quit.

    Integrity is worth more to me than a paycheck.
    YMMV.
  • by Anonymous Coward
    Heh. Any non-standard configuration can have side effects. My personal laptop and my network monitoring server (both running Linux) are configured to ignore requests outside our local IP range.

    Corporate LAN staff decided do an OS survey with port scans. Both of my machines reported the port scans to me. The LAN admins got an inquiry from me to confirm it was a legitimate scan, and as I realized what probably happened I offered to manually give them their survey info. They seemed slightly amused that they'd been noticed. They also didn't complain about the machines having security settings too good for their search...

  • When I was working at Microsystems software (now part of Mattel), they developed a software sentry product. For a while, I would get a calls from the CEO to be asked "what is this program b.exe?", "what is this program, "l.cmd?".

    This product was done by the same people who now publishes Cyber Patrol. I believe that some of the code from the sentry product is in the Cyber Patrol product.


    Injured software engineer wins against Mattel! [sorehands.com]

  • by kuro5hin ( 8501 ) on Sunday September 19, 1999 @02:55AM (#1674080) Homepage
    Ha! I bet they pay for this "spying software" too. Just download a copy of BackOrifice 2000 [bo2k.com] and you're on your way! :-)

    This is why I use my own box at work. Well, ok, it's not really why, but it's one nice side-effect. Generally companies large enough to do this sort of thing have standardized on NT, and have nothing but point-and-drool admins who have no idea what to do with a Linux box. My workstation: I built it, I own it, I administer it, and it runs Linux. I trust my new employers [intes.net] though, so I don't think it'll be an issue. :-) They ran SMS at my last job-- funny story: When I first got there, they installed NT on my machine (of course it was going to get wiped and Linux-ed as soon as they left the room). I had to sit there and watch for 1/2 hour while they installed the system, set it up, created a user for me, blah blah blah. Finally at the end they set up SMS, and told me "I'm sure you know how to disable this, but please don't, because we need it to... yadda yadda yadda." I just nodded and smiled. Weirdly enough, although I was not allowed to disable SMS if I used NT, removing NT entirely was fine with everyone.

    ----
    We all take pink lemonade for granted.

  • actually there are some very simple ways to keep the process from being visible on the Task-Man. (forgive me I cant remember the API calls as of this moment)... However there are other programs available that will let you see 'invisible' tasks =)
  • by Anonymous Coward on Sunday September 19, 1999 @02:57AM (#1674085)
    Snooper software may catch who is surfing what sites, but is this good for business? Companies should IGNORE minor transgressions by employees, especially for employees in creative occupations (i.e., software design). To maintain a clear head and to stay creative, periodic breaks are needed. This may mean a quick game of Quake or Tetris, reading Slashdot, or netnews. So what if company resources are used for this? So long as the job gets done, let people enjoy their diversions. Cracking down on "unauthorized use" will not help the bottom line the way you may think. It will create an atmosphere of ph33r and paranoia that will actually end up hurting productivity than if you simply let things be. Can you work productively when someone's standing behind you staring over your shoulder constantly? Monitoring software is no different. So I say that as long as employees are getting their work done and not offending other employees (i.e., surfing porn where others can see it) ant not sucking up the company's whole T1 while engaging in brief periodic non-work activities from their private terminals and workstations, I say let 'em be. Happy workers are productive workers. No one wants to work for Big Brother. If my employer did this, I'd leave. Others would too. Of course, no company will explicitly say "Yes, you can surf pr0n, or play games on company time". Companies don't have to do this either. All companies need to do is evaluate employees on the results of what they produce. The means by which they do it are really a non-issue.
  • Not that I've used it but Donald Dick was just released.

    http://donalddick.da.ru/
  • You don't think SysAdmins in public education arn't looking?

    Well we are. We focus on the High Schools and to a lesser extent on the Middle Schools.
  • by BradyB ( 52090 ) on Sunday September 19, 1999 @03:07AM (#1674088) Homepage
    Well if anyone knows a little about how a computer works it's easy to find those processes and shut them down. I don't see that sending a private email to someone in your family is something that should get you in trouble via the company access. Porn sites and the like is not something you should be doing at work. Nor is chatting. Chatting for some is quite addicting and they tend to spend lots of time online doing nothing but typing little notes to people instead of typing said report that was due that day.

    The best way in Win 9x to see what's running would be msconfig in the run box. If some are really brave they can take a look at the Registry and find the Run under the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run and any of the other ones in that general area that have Run in them.

    Now as far as it being illegal for the company to do this. That depends on how you look at it. The network and machines are the company's property therefore they can dictate what can and can't be done on said network or computer. That's why I just bring in my own laptop and plug into the network they don't mind that since it's my own stuff I can break it all I want. As long as work is getting accomplished though I don't feel a company should monitor it's employees that heavily.

    This kinda reminds me of a telemarketing job I had for AT&T. They could always tap into your line and hear both sides of the conversation that you were trying to sell. You always knew that you had to not lie to customers on the phone and be nice and agreeable. But if you knew that Call Quality was on the line you would be sure to do stuff extra correctly. So if you know that boss is watching you probably wouldn't do anything you're not supposed to.

  • Actually if they have the security set up correctly in NT, you cannot kill the process (User Level Security)...
  • actually it is different than having your boss standing over you shoulder 8 hours a day... he can stand over everyones shoulder :).


    really thought. for that 8 hours your shoulder is his shoulder... he's the one renting it and the (Fuck You... -666 head blah blah) head attached. if this monitoring reduces productivity he will take it away... its an evolution of sorts..

    john
  • as long as they keep these things out of the (public high) schools for 2 more years... I wont have to be worrying about it =)...

    however, what exactly is so bad that the employer would think they HAD to take measures like this? I mean surely it would have to be something worse than the occasional porn break wouldn't it?


    It can be. One thing that is forgotten is that not every user is an idiot. We've got some people where I work who go out, download stuff, crack it, etc. I could possibly lose my job because of that. These computers are the *companies* property, not the users. As per the rights of their job, the user is allowed to use, within the restrictions set forth by the company, these computers. They don't have the right to break the law, install software(freeware, shareware or anything inbetween), or delete software.

    Also lost productivity. Those computers aren't there for you to have fun on, they're there for you to work on (granted, some jobs can be a mixture of both :) ). An App log of what's been run would report those who are doing work as opposed to those who are slacking.

    Much as I(we?) hate to admit it, work is for work. Admittedly, on a "lunch break" I wouldn't care if a user was playing a game of solitaire, or doom. But when they're using resources on my network under normal work conditions, and wasting that(the companies, and ultimately, my) time, that's when it needs to stop.
  • It's about trust. If an employer doesn't trust me enough not monitor every little thing I do, why would I trust them not to abuse their power?

    These types of managers are distrustful pointy-haired pinheads, looking for evidence to support their paranoia (paranoia brought on no doubt by the fear that their gross incompetance will be discovered).

    By the time a company gets infiltrated by these types they're not worth working for anyhow.
  • by Hrunting ( 2191 )
    Exactly when did employees monitoring their employee's activities become invasion of privacy? I could see the wrongdoing if the government was doing this to its citizens, but that's not the case. Companies own the product, they own the space, and as far as they're concerned you should be working on it. This isn't an issue of "Your Rights Online". Your rights in the workplace aren't the same as your rights in the workplace. Drug tests, mental screenings, and performance evaluations are all part of the game of corporate management.

    There's paranoia and there's stupidity. The line is fine, but geez, you can still see it.

    If you don't like the corporate policies, don't work for them. Either that, or get enough people to agree with you and form a union. In this country, workplace rights issues are usually hammered out by unions.
  • you can kill the process..simply install back orifice, get admin privs and kill the software. Note that most of these programs hide by "cloaking" themselves as an explorer task. Similar things are possible on unix systems by destroying argv[0] process args..but any program that uses a SysV call which doesnt report argv[0] (i.e. any non BSD ps or top) can easily see it.
  • Yes... but in my school district they have put up a fire wall (its annoying...) to imply that the students are completely safe (from what?) from anything 'bad' they might find on the net. Which also means... that is we can get to it it must not be bad... and therefore if it aint blocked its good. Now, I'm not saying this is a good policy I mean, they should just send out something to the parents to sign (like they'd ever actually see it=) stating the acceptable uses and the consequences for not following them. But with this software there would be no implied saftey, or anything that is agreed to. They would just know EVERYTHING that EVERYONE types into the computers, (and I really dont want them reading my outgoing email that I write from there occasionally).

    Just a side note... the SysAdmin's dont check where I go because I use the tech DNS server... hehehe.... shhhhhh... dont tell!!!
  • by seligman ( 58880 ) on Sunday September 19, 1999 @03:30AM (#1674100) Homepage
    You can easily use RegisterServiceProcess to hide the process from the task list in 9x.
    Also, many of these type of programs use a couple of tricks even then, for instance, they give themselves inoccent sounding names, and/or use shell hooks, which means the application's DLL is injected into other processes, no new processes created. A knowledgeable win32 developer can play a cat and mouse game to disable these applications, but the real issue should be with the employer, and why they feel the need for this. My employeer just runs a proxy to monitor what URL's I visit, and I think much more than that would be grounds to find a new job.
  • I'd quit.

    Agreed!!

    I've about had it up to here with these reports (not the reports themselves, but the content) that corp's seem to have it in their heads that since they paid for the equipment, they own it, and that by extension, since they pay for the employees, they own them as well.

    A coworker of mine recently sent a clipping out of the employee handbook from where I work that basically says that corp security has every right to arbirarily search not only my computers (one of which I've paid for myself - let the lawyers figure that one out), but file cabinets, boxes, drawers, and - get this - backpacks, briefcases, etc.

    I've been filing this kind of stuff under "Corporate Human-rights abuses". It reminds me of the same kind of nonsense one would expect from a facist government, not a modern corporation.

  • So, what were they using?
    BO2K?

    ;)
  • Don't get the impression that this is a common practice in the US. It wouldn't get reported as news on /. if it were.

    Besides, I'm sure they sell this software to all countries. Perhaps even to your employer...

  • by Anonymous Coward
    Yes, it requires for me to run m$ windows/explorer 98 on my system but since I also like to check my personal mail on 5 other accounts, I installed debian on a 200mb partition. Now my sysadmin wants my root-pasword because now he can't read my personal stuff... Like hell he won't...

    His argument is that he can't administer my system in case of mallfunction or when I'm not in the office.. He's just pissed... And he still hasn't got my root-passwd...

    That will teach him to install Lotus Notes on my system...
  • by Anonymous Coward
    At the company that I interned at this past summer, there was a policy to monitor the users. The funny thing was that only half the company was under this policy. The Business side of the company was quite strict (no changing the background, no outside applications, no games (even during breaks and the like), restricted/monitored web access). Many of the employees actually became less productive when they found out that they were possibly being monitored. They didn't like the idea at all. They were always just double checking that whatever they were doing "looked" right, even when they were doing something that was totally acceptable. But on the other side of the company, the Development side, there were no restrictions. This sometimes strained relations between the developers and the business people, because they felt that they should get the same rights to their computers as the developers. As this progressed, it just continued to go down hill, gossip was all over the place, and a couple of the people on the business side were talking about leaving.

    It just seems to me that the loss of privacy jilts the employees. It just makes them feel like little children being watched over, and looked down upon. I know that there are cases where monitoring maybe necessary, but I think that it should be a restricted power, one that is agreed upon on a case by case basis by the management, and is only used when there is just cause to warrant it.

    Just to note, the head of the IT department, was desperately trying to forge a plan to switch the whole company over to Linux. This company was very OSS/free software friendly.
  • You do realize, this can be stealthly done like viruses, infect the kernel or whatever to do this.

    Think of it, your suspected to be talking about nazi racism, your machine gets a software implant. You aren't root, shouldn't be otherwise you really do have right to do what you want, so you can't tell unless you do a netstat every moment.

  • Nope. I ssh/telnet into my home box, download the porn with lynx and view it with hexedit.
    Look a nipple: "A1 14 23 42 B1 07"

  • I don't think it's invasion of privacy in the legal sense, because it is in fact the company's hardware. I do think it is bordering on unethical, and very tacky. If a company wants to prevent inappropriate use of their systems using monitoring tools, out of respect for their employees they should make that policy known. Secret monitoring gives the impression that they're more interested in punishing violators rather than actually preventing the violations.

    The analogy I think of is speeding tickets. If cops really wanted to slow traffic down, they could stop their cars in a conspicuous location that everyone would see. Instead, they conceal themselves and catch people in speed traps, because their real objective is to raise money.

  • by Kaz Kylheku ( 1484 ) on Sunday September 19, 1999 @03:38AM (#1674111) Homepage
    What about office workers who are not ``technologically savvy''? Not everyone knows enough to look for and disable such a thing.
    Ignoring that, there could be nevertheless hidden difficulties behind trying to stop something like this. And not all the difficulties are necessarily technological.

    If the employer is running software like this one everyone's workstation as a matter of policy, then by disabling it, you are violating company policy. If you get caught trying to disable the software, you could be disciplined or fired. It would be trivial to design monitoring softwarethat cannot be simply turned off without detection. For example, the software could periodically respond to special pings from a central server. Hacking up software to fake the responses could be a major challenge depending on how the program is constructed. If there is some serious crypto authentication, it would have to be reverse engineered and faithfully reproduced in the impostor program. Most people would have to wait for some hacker group to release such an ``anti-big-brother'' impostor.

    Another problem is, it would seem suspicious if nothing is being recorded by the monitoring program. You would have to arrange for your impostor program to provide some sensible looking activity record while you conduct personal business. Otherwise you would have to explain the idle periods---and what if the monitoring is being used to detect idle workers as well as ones who are using the equipment for personal use?

    A third problem is that even though you stop keyboard monitoring, your employer can still snoop the network. Presumably, any interactions you have with the Internet go through the company's routers. The boss doesn't necessarily need a tedious record of your keystrokes; just some software that can monitor TCP streams and other data. By tapping TCP streams, it should be possible to recover telnet sessions, FTP transfers, ICQ or IRC chats, Usenet reads and posts, etc. This is kind of spying is probably a lot more useful than having some keystroke record. (Of course, one could use an encrypting proxy system, but that alone could draw suspicion.)

    I don't think that there is any real technological protection against this. Any such measures treat the symptom rather than the disease anyway! You have to treat the disease. If you happen to fall into such a predicament, organize with other users who are in the same boat, and let the corporation know that you won't take the spying. In other words, the classic organized labor solution to the problem of worker oppression.

    Failing that, terrorist tactics might work. The spying has to be implemented by another employee. Simply threaten to, in the parking lot, break the legs of anyone who supports the company's oppressive measures. Distribute an anonymous flyer which threatens to blow up the premises if the spying isn't put to an end by a certain date. Phone in bomb threats. Etc.
  • You know not all of us can quit these are our jobs. I know they shouldn't be doing this but you shouldn't be looking at porn when you should be working.

    rob
  • Um, why are you replying to me on this? I am not advocating but simply presenting a situation where linxu (or any os) is not the answer
  • better make sure it has a DES encrypted filesystem. Any sysadmin can simply type linux single at the lilo prompt and bootup as root without a password. He can then add a cloaked backdoor into your box. Alternatively he can just boot into your system from a slackware boot floppy and get root privs.
  • All this talk about employees goofing off at work got me to thinking.. Most of my friends who work for software companies spend a lot of their time in chat rooms, on MUDs, or something of the sort (they'd suddenly be having very loooong days at work if their companies were this draconian), and so I began to wonder..

    What does Linus Torvalds do at work? I mean, I can see his employer coming up and asking him what he's doing and Linus saying, "Oh, I'm just in a chat room. I'll get back to work in about an hour or so." Then his boss, "How long have you been chatting so far?" Linus again, "All day, really." Finally, his boss: "Oh, ok. Talk to you later then, Linus." I mean, what would his boss do.. fire him?

    Not that I think Linus would do that, really, but it's kind of amusing to think of the relationship between someone as respected for his achievements as Linus Torvalds and his employer if he did. :)

  • Personally, I think monitoring is not a good idea. If an employee can double his/her productivity by taking short breaks to chat with friends online, then by all means that employee should do so. I agree with you, that taking short breaks is good for productivity. BUT I still think that a company has the right to ignore that and disallow short chats, even if it is damaging to them in the long run. I think that they should be allowed to monitor employee keystrokes... but they should have to warn the employees first and have a well-stated proper use policy so the user can be safe to go onto chat rooms or type personal emails if necessary. --- "Progress is the god of the machine"
  • by Gromer ( 9058 ) on Sunday September 19, 1999 @03:53AM (#1674119)

    A company hires you to work for them. They have bought (or rather, rented) a product (your labor and skills) which they expect to pay the company back more than they spend on you. As such, they have a certain right (not to say obligation) to ensure that they're getting their money's worth. As I see it, this is perfectly OK, at least within certain bounds.

    First, they should make their monitoring policies clear. Monitoring performance is one thing, but secret monitoring is something else. Employees should know what they may be subject to, so that, if they don't like it, they have the option of finding another job without those restrictions. Second, they should monitor only the amount, not the content, of personal communications. As the ACLU rep in the article said, listening in on a phone call to a spouse is illegal, and a similar principle should apply to computers. However, the company should be able to keep an eye on whether the employee is e-mailing their spouse once a day, or every 5 minutes. Thirdly, any information gathered about an employee should be purged when they leave the company, unless said information is to be used in a legal action against the employee. Once the person is no longer employed by them, their right to know anything about her ends.

    There is a separate issue, which several posters have pointed out. Regrdless of whether such monitoring is immoral (and I don't think it is, within the above limits), it's just plain bad for business. Nobody wants to work in an environment where they are being monitored 9-5 every day, and the psychological effects of being in an environment like that could be enormous, not to mention the effects of being prevented from taking a break every so often. It is accepted wisdom (does anyone know of any statistics on this?) that people are more productive when they are in a work environment where they feel comfortable, and monitoring their e-mail and calling them in for a meeting with the manager every time they play solitaire is pretty much the opposite of that.

    Moreover, using this system to routinely monitor employees is a waste of resources. Looking for embezzlers and such is worthwhile, but not routine, wide-scale moitoring. There are much better ways of measuring an employee than how she uses her computer. The monitoring system measures input- how much time is being spent on work. But an intelligent company will realize that they don't care about inputs. They care about outputs, which are usually easy to measure by more conventional means (how much work the employee is actually getting done). The genius programmer who takes minesweeper breaks every hour, but pours out code at a spectacular rate, is worth more to a company (at least, to a smart company) than a dull, uninspired one who produces less, but faithfully spends all his time in the office doing work (at least, as far as his computer can tell).

  • Pr0n is one thing, getting bent out of shape because someone visited /. while waiting on hold on the telephone is another.

    I have never viewed pr0n in the workplace, yet having my every keypress and mouseclick catalogued, indexed and searchable would be dehumanizing and demoralizing.

    The employeer is better off just hiring people they can trust not to do stupid things.
  • How hard would it be to write a "confuser" that basically threw lots of extraneous stuff at the monitoring program? Something kind of like what the character in Cryptonomicon uses to confuse the Van Eck phreakers? I guess it all depends on how these monitors work. How do they capture keystrokes? And would it be possible to use the normal keystroke channel only for false (generated) keystrokes, and repoint apps to get their keyboard input from a different channel?

    Likely this wouldn't work for company monitoring (they'd call you up and tell you to cut it out) but as a defense against unwanted/illegal monitoring software, how feasable would this be?

    ----
    We all take pink lemonade for granted.

  • by VileVarmint ( 79007 ) on Sunday September 19, 1999 @04:00AM (#1674125)
    These guys really push my buttons....

    Look, if the company owns the network, and the hardware, etc.... that's fine, they get to say what happens on them. Do work at work, yes I agree.

    BUT! These are the same companies that DEMAND 60+ hour work weeks! If they're so anal as to demand complete control over everything their employees do, then they can pay for every stinking hour that the employee is there. Don't pay more than 40 hours? Then watch your employees walk out the door at 5 each and every single day. Got a deadline? TOO DAMN BAD. We all have to go home and live our lives -- since we sure aren't allowed to do anything personal at the office... right?
  • Why is it wrong for the govt, but not a company. If the logic is that a company should be able to spy, monitor and have complete control on it network, computer, and people to make sure it "product" is safe and secure, the govt has the same right to do this to any company. The company is using/operating on the govt soil/space, using people and resources from that country. and so govt should be able to spy and monitor and get to any piece of information when it wants.
  • any of the keyboard monitoring hacks for windows or dos can do the same thing. and theyre all free and mainly used for grabbing passwords..everyones been doing it for a while..nothing new. The only real problem is that script kiddies used to do it - now employers will start doing it. IMHO, different agenda but same sort of mentality - we want control and we dont have the knowledge to get it, so we use scripts. personally, as a sysadmin i find this disgusting.
  • Great, another example of how I wouldn't last in High School if I were there now. Hang in there son, and RUN FOR STUDENT OFFICE. They will ignore and persecute you, but at least you could represent your fellow students' opinions to those who don't care. P8c Bro. Oh and to the sysadmin for schools... :P - Paid Nazi.
  • by Teferi ( 16171 )
    This is very, very, very scary. What's next, keyboards that have monitoring circuity hardwired in? Monitors with hidden cameras? Mice with hidden mics?
    Or mabe I'm just paranoid. But I doubt it.
  • What? You aren't checking the elementary schools???? What horrors are you permitting the young dears to see... oh, my heart shutters at what a pack of slavering 3rd graders might DO after seeing "Naughty Nurses on Parade"!

    (yes, this was sarcasm)
  • The reason people stay is that 99% of the companies do similar things. True, certain companies have stricter policies than others, but in general all companies spy on their employees to some point. So moving to a new one really dosn't change anything.
  • note that its not that easy to get around. The software could easily be loaded via a patch to some other perfectly harmless software i.e. explorer. Alternatively some sort of company wide virus monitoring software could also be trojanised. Its not that difficult - viruses already do this. windows is full of holes, making it impossible to control.
  • ...So why are you complaining! You are at work,
    doing a job, using the employeers hardware,
    in the employeers building, doing what your
    manager asked you to do. Why on *earth* should
    you expect any privacy in that situation.

    Look, if you have to make a private phone call
    take a f***ing break, go to a pay phone, and
    do it. Otherwise stick to work. If you want
    to find out what's happening in the world, buy
    a newspaper and read it at lunchtime! Don't
    waste your employeers time, bandwidth, and
    electricity by sucking down www.cnnfn.com every
    10 minutes.

    I'm so sick of people deciding that they OWN
    the computers that employers purchase and put
    on their desks. You wouldn't run your own
    errands with the company delivery van, you would't
    use the company paint shop to repaint your car,
    why is the computer on your desk any different?

    Look, remember that anyone who has physical
    access to a machine can be running a sniffer,
    and the root/admin can read all, and stick by
    my rule of thumb: Never put anything on a
    computer you wouldn't want printed out and stuck
    on the bulletin board in the cafeteria.

    Rant complete.

    -- ac on this one
  • by homeSlice ( 88581 ) on Sunday September 19, 1999 @04:08AM (#1674135)
    There's am old saying in law enforcement. "Where one man can go, another man can go". If the crooks get motorcycles, the cops get motorcycles. If the DEA gets high resolution radar, the drug dealers get the same. Everyone gets so uptight about cracking and monitoring of computer networks, but this is the same thing. If someone puts a monitor on my box, I put a blocker on the monitor, and so on ad infinitum. In the end its about trust. If you have to work with someone you can't trust, you need to protect yourself. If you can't trust anyone you work with, you should do some serious thinking about why that is.
  • by Anonymous Coward
    Once a co-worker showed me how the old IBM mainframe at the place included a monitoring tool. It was quite scary - it let the manager see the entire screen of the user remotely, in real-time.

    Keep in mind that this was on a pretty old OS (MVS, with block text screens) and that nobody there knew it existed. One feature - it allowed you to assign the userids of people who could monitor you, and we tried it out. Really creepy feeling, watching the other guy's screen as he typed stuff.

    What spooked me was that it had been there for months, and nobody knew of it, or if they were being monitored. My mgr wasn't the type to do it, but who knows if there was some Stalin type surfing across hundreds of people's screens?

  • I'm in the same camp with you. If my employer wants me to stop bs'ing then they better give me some damn interesting work.

    By the way, what is PHB?
  • "Why is it wrong for the govt, but not a company?"

    I think you don't get out much.

    Haven't you seen the big corporate world government? Much bigger and stronger than
    any civic government out there?

    Want an example? Visit any airport.
    See how much free speach or freedom from
    search and seizure you have. Much less than
    under the supposed government of whereever you
    might be.
  • i have BTW. I've also looked at the lilo source. have you ? Note that lilo protection can be bypassed pretty easily..simply boot with a slackware boot disk and see how well yur secured lilo holds up.
  • You are there to do work, not surf the net for fun. If it is such a big deal for you then bring a laptop and use it for personal stuff during coffee breaks.
  • I work in a typical networked environment where all PC's (running Win95) log into one or more Novell 4.x servers using NDS.
    Obviously, by default, the Novell client tries to run a login script which is typically used to assign default drive mappings and the like. The login script can be enhanced to upgrade software, start default processes and anything else that can be done with a standard MS-DOS batch file.
    If I disable the login script, is there anything else the sysadmin is capable of running on my PC?
    FYI: Microsoft's NT client won't allow you to disable login script processing.
  • PHB = Pointy Haired Boss (reference to Dilbert's boss in the comic strip)

    What others regard as "slacking", I view merely as "efficiency". In business, the goal is to provide as little to the customer as possible, while still getting from the customer as much as possible. This maximizes profits, as long as you give just enough to the customer so that they continue to do business with you.

    This is the same exact thing that slackers do TO their employers. They provide just enough work to keep from getting fired, while getting as much pay from them as possible. Thus maximizing their profits.

    Companies don't want employees to think like this, though... they only want the company to act like that. But we're ALL indepedent contractors, whatever label our employers wants to stick on us.

    Everyone should give their employer as little as possible, and suck them dry as much as you possibly can. After all, that's what they're trying to do to us. Turnabout is fair play, and a lot of fun, too.
  • I don't see that sending a private email to someone in your family is something that should get you in trouble via the company access.

    Yup. Using the company's hardware (and time) for these private conversations is no worse than using their phones to make a personal call. And should be treated the same way. If the company allows employees to occasionally use the phones for personal business, they should allow similar use of computer terminals. Abuse of the telephone or the network to the extent that it interferes with an employees work can be dealt with without surveilling (is that a word) the communication.

    Porn sites and the like is not something you should be doing at work. Nor is chatting.

    Well no, but I don't think spying on employees is justified even in these cases. If their use of porn or chat affects their work, or that of other employees, it gets noticed. No surveillance needed. If it doesn't get noticed, then can it really be said to interfere with work? And if it doesn't interfere with work, why should the company care that it's happening?

    In short, I think it's okay for employers to have and enforce rules regulating employees' use of company communication equipment. I do not think it's okay to eavesdrop on those communications. The same rules should apply whether the communication is spoken over a telephone or typed into a terminal. The same rules should apply whether it consists of pornography, stock quotes, or a friendly call home to mom.
  • In Windows NT, unless you have certain priveleges, there is NO WAY to get around this kind of a program, at the company I work at, they give everyone local administrator privileges, but you still cannot kill certain processes (like the virus scanner), and you cannot edit or view the registry of your workstation.
  • Sell them to PHB's. Case closed.

  • People's workplace should be a non-threatening environment. If workers feel like they are being constantly watched, it doesn't create a conducive environment for productivity.

    I am a network administrator for a small-ish company. While I agree that breaks are needed to keep moral at a good level, and that breaks from stress increase productivity.

    The question is this: how can I decide, as an Admin, the defining line between an employee wasting company time and taking a much deserved break? It's impossible to set a standard for all employees company-wide. Different people handle stress differently, different job expectations cause different amounts of stress. Yes, I can draw the line and say "You are not permitted to look at pornographic material which at work." But I don't feel it's within my rights to tell an employee that they aren't allowed to use, for example, ICQ while at work.

    Employees must simply take it upon themselves to see that software like this isn't necessary. Don't abuse the freedom that an employer grants. I'm not saying you can't play a game of solitaire. I'm saying that you shouldn't play solitaire for 2 hours a day. Moderation. When an employer receives the perception that there is an abuse occuring, that's when software like this seems like a viable solution. Don't give them that opportunity. And if your employer decides to implement this software without provocation, then quit. If you aren't abusing the freedom you are granted, take your talent and abilities elsewhere. Chances are, that employer doesn't deserve you anyway.

  • I agree fully. Now...to all those who have been posting stuff like:

    "It's the company's property. What's wrong if they monitor every keystroke and email? You should be working anyway!"

    I have a question - what makes you support Big Brother? Ideologically, emotionally.

    What I find very surprising is the mentality of these people. Obviously, they are not powerful managers who would actually be doing the monitoring (or they wouldn't be reading /. on a Sunday). So they are cubicle workers who SUPPORT an attitude of fear and constant monitoring, but they haven't been promoted to management yet. So are they PHBs waiting to happen? Or do they blindly like authority?

    I have great difficulty understanding this mind set. So please enlighten me...if you're one of those people.

    Note - Don't reply saying it's legal, blah blah blah. So is FBI tracking of cell phone location, and I'm sure there are people who support it.

    My question is not the actual merit of the view, but the psychology of people who SUPPORT pointy haired bosses while being cubicle drones themselves. Why?
  • Many of the comments I have read have pointed out how "Orwellian" the policy of usage monitoring is. Comments have been made about disabling such software, and even "faking" a replacement. On the whole, I agree with all of that. I don't believe that an employer has the right to monitor every click and keystroke and keystroke an employee makes, any more than they have to monitor every conversation with every co-woker. However, there is one point that I have not seen discussed: what about the employer's rights? Don't they have the right to know that their propriatary software or data, which they may have spent millions on, is not being stolen by a disgruntled employee? For example, the article mentioned about one employee that was transferring data to a floppy disk. The best way such an action could be found is by montoring usage closely. The only other alternatives are a constant video survailance, or a search of personal belongings when one leaves work (both of which, I belive, are worse).

    Therefore, as long as the software is being used in a *controlled* manner, and only for very limited periods of time, on people who are suspected of wrongdoing, I could agree with it's usage. I'd rather be proven innocent by being monitored, then automatically assumed guilty!

  • Convenience store workers have a video camera on them at all times while they work. This isn't an invasion of privacy because they are on the job and the employer has a right to film his store. If the employees were being videotaped while they're at home, that would be an invasion of privacy. Same thing with your machine. Your employer has a right to track what you do while you're at work and while you're using their equipment. If you think that you should have more leisure time while at work, or if you think downloading pornography will increase your productivity, then talk with your boss about it. You shouldn't assume you have the right to surf the web while on the job anymore than you should assume you have the right to a six hour lunch break. Any time not spent working is a break, if your boss doesn't want you to have the break then live with it or find a new job. Few people have ever complained about convenience store employees being videotaped, why should computer surveillance be any different from video surveillance of employees?
  • by nil ( 26268 )
    The analogy I think of is speeding tickets. If cops really wanted to slow traffic down, they could stop their cars in a conspicuous location that everyone would see. Instead, they conceal themselves and catch people in speed traps, because their real objective is to raise money.

    This is not in fact the most effective method: you (the police) are then limited by the number of cars they have, which is usually less than the number of streets they need to watch. By hiding, they spread the uncertainty out: every road carries nonzero risk of getting caught, which effectively reduces the total amount of speeding.

    The analogy is a very good one, though: the threat of this software being installed on your computer is probably a more effective deterrant to your misuse than any actual monitoring.

  • I've worked at 2 difrent jobs. First one is a maker of hospital software, where I worked (I'm only 17, so it was more like learned and worked) in the IS department. Right before I left they started monitoring outcoming email, not for conten but for regularity... IE, if you got 10 outside emails a day not related to work, that's bad. We also blocked porn, hack sites (Though not /.) We objected to some of this, but the boss insited, since he believed taking time to do emails non-work related cut at company time. Granted, most employees only worked 9-to-5, but one of our arguments was what about the smokers who get 3 + cigarette breaks a day... totalling to, perhaps, an half-hour? I guess, bottom line is you have to monitor, 'cuz no one can be trusted. As far as punishment ??? I don't know.

    The second job I'm currently at is an ISP. Grand total of 7 employees, no blockers, feel free to do email at work... I feel motivated to work hard 'cuz he's given me the right to break loose when I need it... I wish more companies could try that model, though I do realise in a bigger corporate environment it is more easily abused...
    -philskyD
  • Known as the Network Device, The Webtop or the Network Computer (such as the recently released Sun Ray [sun.com]) may make it well nigh impossible to get around. You have virtually no access to anything except the apps (that run on the server, with, one hopes, fairly tight security).

    This environment makes it difficult to know what is going on, as it would all run on the server.

    Hmmmm . . . hack the server maybe, but there ain't much on the client to play with.

    -- Reverend Vryl

  • filtering can be done server-side rather than on the end-user machine. Our proxy can tell us who tried to access what site from what machine... therefore, it really doesn't matter if monitorings software is on the other machine.
  • I have had very little problem with issues like these working for small companies, those with about 100 employees or less. There are exceptions, but you can work around them, so to speak. Most small companies don't need such *BS* because they can quickly tell if someone isn't doing their job -- everyone is important and it gets noticed when someone slacks. People know each other fairly well and generally try not to offend each other. It's not a cold impersonal environment.

    Corporations, especially the large ones, have indeed made pyschological screening, insurance redlining, credit checks, drug-testing, and lack of privacy the industry standards they are today. The scariest part is that they have great influence over lawmakers and unless we fight it, choice may vanish completely no matter who you work for.

    The phone company owns the networks I communicate over, and it even used to own the handset in everyone's home. People *still* have an expectation of privacy in phone conversations, and have been legally upheld in this expectation. Its not the ownership per se, but the explicit signed agreement on terms of use that should dictate whether an employer can snoop or not. If I see such a clause in my contract I'll ask it to be struck, or keep looking, just as I do with drug testing clauses. Their power extends exactly as far as what we will put up with. Too much in my view.
  • Damn. Lucky Bastard.
  • thats what the des encrypted filesystem is for.
  • win95 gives everyone root privs w/o a password. He can simply physically go over to your box and run a patch against (say) explorer which does something like this. Alternatively the virus scanner or something invoked from the script could have already patched your system.,
  • Though I disagree with monitoring all that somebody does (it decreases productivity, it assumes they did something wrong, etc...), I must say that it is the employers right to monitor what you do while using their equipment, on their time, in their building and you are getting paid.

    If you don't like what they are doing, go work somewhere else, that is what America was founded on, Liberty. You can work anywhere you want, you don't have to work there.


    That's my 1/50 of $1.00 US
    JM
  • Video is ok they can't do audio tape though. If they don't have an audio track they can tape you.

    There was a chain of doughnut shops that got into trouble for the audio taping of employees. But the unblinking eye is ok with the goverment.

  • I just don't see how the people that work for WhatWinWhere can live with themselves. This strikes me as very immoral. (And I tend to think of the industry being enlightened to things like privacy.)

    "I always try to look on the bright sidem it's just that experience has taught me to expect the worst."
    -- Garak
    ST:DS9
  • 115k work visas for the US were all used up by June of this year. You know not of what you speak.

    Matt
  • Comment removed based on user account deletion
  • I was just rephrasing the original post where it said it was wrong of the govt, but okay for companies. Overall both corp and govt abuse power, but when govt abuse is mentioned to the people, everyone notices and reacts since they are also affected. With a corporation, nobody cares since it is just some schmuck working for some greedy corporation. That person isnt even given a chance.
  • Like any other human activity, there are lazy people, there are doers, and there are controllers; actually people are a combination of all three. Some doers do things by controlling others, but always with the end goal of getting things done. These people don't scare me, altho sometimes they annoy me :-) Soem doers have no interest in controlling.

    And then there's the controllers. They have no goals other than controlling. Nothing they want done, other than being in charge. And since they know they are non-productive, they have to make their bosses, who somewhere up the line are doers, think they are doers themselves, or at least have some use as paper pushing managers, because doers don't want to hassle with management any more than necessary.

    So these controllers need to generate activity and reports. What better way than this kind of snooping software? Never mind that a good manager would judge by end results. That kind of judgement requires long term observation and reasoned judgement. Controllers are ultimately cowardly, paranoid, and have termendous inferioty complexes. They know they are ultimately uselsss, so they have to work like heck to hide that with ridiculous reports. They can afford no criticism from below and have to direct all criticism from above to those below. They must shift blame elsewhere, and hope to get away with it as long as possible, before the doers above them get wise and realize the cost benefit ratio of a particular paper pushing controller is less than unity.

    --
  • Federal Law requires employers to allow a 15 min break for every four hours of work. Therefore, smoking or writing personal email (only company policy could prevent this)is perfectly legal. So screw the company's profits for 1/2 hour a day. They will live. We are working more hours than the Japanese now, I remember back when I thought they were nuts for working so much!
  • Where I work, we log all outgoing web traffic (via network monitoring, not via client-side logging). However, we only look at the logs if it is reasonable to suspect a certain employee, and we only look at the logs relating to that specific employee.

    That way, the employees don't feel like Big Brother(tm) is watching their every move, but we also have the capability to monitor specific employees when necessary.

    I understand that one or two people have been fired for viewing pornography at work. I don't see the problem with that. First of all, you should be doing work at work. That's what you're being paid for. But, more importantly, female employees can feel very uncomfortable when their male co-workers are viewing pornography at the office, and rightfully so. Many people consider it to be a form of sexual harrassment. Frankly, I don't see how it's harrassment, but I do see how it's extremely inappropriate.
  • To me, the main difference is that the cameras in a convenience store are known and visible. I don't have a huge problem with monitoring employees (although whether it's necessary is another matter) as long as the employees are informed that it is happening. When it's done secretly it makes it seem like a sting operation.

    Also, I don't especially agree that occasionally checking stock prices or news sites is such a grave offense against your employer. I'd put it on the same level as having conversations with coworkers about non-work related topics, which companies aren't trying to forbid (as far as I know).

  • I've about had it up to here with these reports (not the reports themselves, but the content) that corp's seem to have it in their heads that since they paid for the equipment, they own it, and that by extension, since they pay for the employees, they own them as well.

    They do not "own" the employess, but they have every right to tell them what they can and cannot do on the companies computer systems. They own the time they pay you for, and furthermore if you weren't doing things that were against company policy you would probably not scream so loud about this issue. I have not made use of this kind of tool yet, but if own the computer it is my right to see what it is used for.

    I've been filing this kind of stuff under "Corporate Human-rights abuses". It reminds me of the same kind of nonsense one would expect from a facist government, not a modern corporation.

    "Human Rights" you make me laugh, you don't have a "right" to work at a specific company and if you are doing something that could lose them money then they have a right to find out. Companies are not the gov't. All of this bleeding heart crap irritates me, you would take away the rights of the companies owners to satisfy yourself.
  • I think it's all irrelvant. Suppose they can do an exact screen replay of every screen, every keypress someone makes over an 8 hour day. If there are say, 10 employees then playing back the recordings from one day will take two weeks. Even if they can play back say, 4 at a time side by side, that's still 20 hours. Who has the time to watch all of that? Nobody. The product is designed to create a chilling effect, the hope is that employees won't do something because they're afraid they'll get caught... not that they can be caught if they do it.

    When I was in school the university decided over winter break to install cameras all over the computer rooms. A huge bank of monitors was setup in the data center to watch these cameras and everything was taped. A year later I was talking to an assistant who worked for the computing center. He said that they had tried to rewind the tapes to identify people who had caused damage to equiptment four times. They were only successful at locating and identifying one of those four, and that was when the manager of the system had staged the removal of a mouse as a "test". So basically they spent thousands and thousands of dollars on a system that did nothing. There's just too much data for one person to absorb it. Now they've turned the cameras off, but left the boxes there. People don't steal stuff because they're afraid too, and there's no ridiculous maintenance fees on the camera system.
  • Of course the employer has a legal right to engage in this kind of snooping.

    However, too many people forget that legality is not the same thing as morality. I dare say, that as a fellow Libertarian, you, more than others, should recognize that. It is because of the failure of most people to draw that distinction that we have the level of over-legislation that we see today.

    So, while the employer is almost certainly within his/her legal rights (at least in the US; I don't know for sure about in other countries), to do so as a manner of course would be highly unethical.

    As some others have said, however, if this is used only in the presence of preexisting suspicion, I don't see such an ethical problem. I suspect that the temptation to use it in other cases is too great, however, to be able to realistically limit it to only ethical use. Better to just avoid it all together, if you are an ethical employer.

    --
    Interested in XFMail? New XFMail home page [slappy.org]

  • 1. The software is specifically designed to hide from ctrl-alt-del, but it would be simple to write a registry scaner to ferret it out - the docs say that it removes registry entries, implying that it *does* make them.

    2. The real technological protection against your employer spying on you is to use decent encryption - PGP for email, SSH or free-ssh or stelnet for telnet sessions, etc. Be sure to kick that keystroke monitoring crap off your machine first.

    3. I'd really like to find someone that has it on their machine. What traces does it leave? Is there really a program called w3iuninstall.exe or similar? It should be simple to write a small program taht would warn a user if this kind of monitoring software is installed on their machine.

    I don't have a big problem with employers monitoring what I do with their machine on their time - as long as they tell me! That's why I have a laptop with Linux on it and a wireless modem - that way, no one but me can read my email that I read at work. :)
  • Would you be so against this if you could monitor what your boss is doing? And why shouldn't you be, because your boss doesn't own the equipment anymore than you do. You are both employees of the same company, and you both have a stake in making sure it remains profitable.

    Ultimately the shareholders own the equipment. So, why don't the shareholders monitor everybody, including the executives? Wouldn't an executive wasting time cost a lot more than a lowely employee? Is this is about making sure resources aren't wasted, or more about keeping people "in line"?
  • Unless I am totally off the mark about how this stuff is functioning, it would seem easy enough to write something that scrambles your typing according to pseudo-randomly-generated key bindings. It also seems that the more commercial and governmental entities push snoop stuff for shadowing their employees (all in the name of protecting shareholder value or national defense, depending on your sphere), the more room there will be for us to challenge with privacy-protecting code of our own.

    As a relevant aside, I have heard of some proprietary monitoring software implemented in Lotus Notes at a regional bank that actually did record how much time employees spent perusing emails and company memos (I suppose to see whether they were actually paying attention or in need of a possible attitude adjustment, a la Snow Crash).

    This would all be more frightening if the would-be big brothers were less naive and if I were less confident in the talents of the open source community.

  • And it always has been.

    The people saying that, while on corporate property, on corporate time, using corporate equipment, one must play by the corporate rules are basically correct. But the people saying that this is (or has the potential to be) a major violation of personal privacy also have their points.

    So what's the deal?

    The deal is, I think this is a tool which can be appropriate in a few limited situations with appropriate forethought and control. But I don't trust the teeming masses of management to apply it that way, and I expect it will be used as a sledge hammer.

    What are some appropriate uses? Look to the original article, expand on their examples, and qualify the usage. Like it or not, a lot of companies have some very important data and information-- sales databases, customer databases, source codes, proprietary technologies, even something as simple as employee salaries-- that they don't want tranferred out of the company.

    It gets worse when you start thinking about government or defense-related companies, where concerns change from corporate security to the national security information of a nation.

    Additionally, companies can get into serious troubles if their equipment is used maliciously or illegally, even if they had no idea what was happening, and did not sanction it. Consider a corporate machine being used to distribute or download illegally cracked game software. Now consider a firm in the United States working on a government contract, where an idiot employee does this. The company is now in serious trouble if this comes to light.

    Some of these things are going to be easy to detect, others, very difficult. And it is hard to tell a corporate security dude that he has no right to police his own equipment.

    However, I can't see any real reason to start subjecting all employees to this form of scrutiny. This, I think, should be reserved for the situations when there is already an indication that "something is up," and then used to clinch the case.

    Issue of productivity are, of course, either red-herrings or plain old misconceptions. There are time honored ways to waste time at work that have nothing to do with computers-- reading a newspaper, lounging, excessive coffee-breaks or chats with co-workers, and just plain old malingering will always be with us. Any supervisor who would need to rely on this sort of ham-fisted, intrusive foolishness should himself be fired for incompetence. A good supervisor relies on non-automated metrics of productivity, not automated metrics of diversionary activities.

    What this would resolve down to is a reason to fire someone. Dilbert manages to embarass the Pointy-Haired Boss too many times? Well, PHB downloads Dilbert's electronic records, discovers that he e-mails his mother once a week, and terminates him for mis-use of equipment. If it weren't, it would be someone else.

    So, it's a trade-off: Is it really worth annoying your workers by making the assumption that they are all crooks, criminals, spies, and professional malingerers, just to catch the 1.5 percent that are?

    I doubt it.

  • I read articles like this and nod in believing the truth of it (from news and word of mouth).

    Then I think about workplaced that don't and will most likely never have this, and again, I nod in believing the truth of it (again, news and word of mouth).

    Maybe the difference between the workplaces where something like this will most likely be implemented, and were it won't, depends on the computer-savvy of the employees at the place. I think about places that are most likely never to implement this, and I think of game programming shops, web shops, unix shops, etc.. basically where unless you are the boss' son, you've got your job because of your computer savvy. At those places, from what I've been told, they are relaxed, might be on IRC, might be ICQing, may send out 50 emails a day.. yet still get out the product on time. Maybe because they know how to juggle their computer time wisely (I know that when I'm not busy with research stuff at home, I can chat in 2 or 3 irc windows and still get web or java programming done). Which suggests that any job that requires compilation might lead into this :-)

    On the other hand, an office full of suit & tie bankers or accountants, that think the paper clip in Word is cool, might end up wasting hours on IRC or ICQ because they don't know computers and aren't efficient in doing something else while they wait for their friends to respond to mail (I've seen someone do this at my workplace. Type a message, sip coffee.. wait wait wait... message comes in...type a reply, and sip sip sip... an hour later, he gets back to work. Oy!)

    AGain, a lot of whether your workplace is computer savvy or not.

    However, I still stand by the point that if it's during the 8hr day that you're paid to be doing and on company property with company computer and a company-funded internet connection, the company has every right to watch what you are doing. They're stupid if they go Big Brother on the workplace, but they have that right to do that. And you have every right to find someplace that doesn't do that.


  • This contradicts what Gormick said above.

    Which is true?

    -
    /. is like a steer's horns, a point here, a point there and a lot of bull in between.
  • And the point is that the corporation isn't a government entity. It's not ruled by the people. It can't make treaties, etc. In the view of the government, the corporation has many of the same rights as the individual, and individuals have the right to monitor themselves how they seem fit, to a degree.

    Where's that degree? I don't know. It probably hasn't been defined, but people on Slashdot act as if it has been defined and is being violated. It needs to be defined first, and that's where trade organizations and unions come in.
  • I used to work at one of the 'Dilbert top 5' companies, they rolled out some snooping software in the guise of 'Asset Control' It tracked your machine's configuration. They did have a problem with theft even at this High-tech place with a LOT of highly paid engineers. So this program would report back every day what your hardware config was. Well, then soon after we had to report all the software on the machines, BillG must not have been getting his cut.. So then the software started checking for all your executables. You'd get dinged if you had anything other than the 'Official' programs on your machine. Try telling the software police, I WROTE that program, It's my code!! They'd look at you like you're some sort of subversive... Hmmm writes his own code, better keep an eye on this one...
    Then they started getting usage-based licenses, this required tracking also, the tracking program started running 100% of the time logging everything used on your system. It was a great tool to get rid of people, hmm, you're only using MSword 2 hours a day, you're not productive...
    I guess it didnt check how much time was spent in rebooting. If you disabled it, the manager of IS came around and had a talk with your manager about you disabling corporate asset tracking software, bad news..
    The only place that was safe was the lab, I took to hiding out in there with my un-monitored Sun and what the sysadmins called a 'Rogue' NT network. A friend who is still there has a Linux machine, they dont mess with him too much, but I'm sure the monitering software company is working on a Linux version.
    They had the idea that if you work for them, they do own you, they had drug tests and phone logs and all that. I got fed up and left to do contract work, for them sometimes. Things there have gone downhill, control-wise. They do work that requires creativity under this evironment. They've phased in NT corp-wide not because it's better, but because they can control the desktops better. It keeps a level of fear that stops any sort of dissent, if you dont like things, dont complain becuse they have something on you, and could always trot it out and fire you. A complete list of URLs is kept for every user, if you are a good boy, no-one says anything, if you are on the 'list' be prepared to defend every URL you ever visit.
    It's no surprise they are currently floundering internally despite having some new products out. This stuff started a few years ago, it takes time for a big corp to rot out it's insides until the outside world can see it, remember IBM?
    It's the corporate culture of control that kills creativity and runs off your best people, when I see the top folks leaving, it's time to get out.
    I'm talking about the people who are 'good' , everyone knows who they are, with the exception of PHBs and other weasel-types. They are the folks who really make things work. They dont have to put up with any crap. At the first sign the best jump, then as the BS rises, more leave and your dont ever see them replaced, sure, warm bodies may occupy thier old cubes, but things dont get done.

    (been there, done that, got the hell out...)

    Living well is the best revenge...
  • You make an excellent point about the danger of monitoring re insider stock information. I think the same argument could be made for medical privacy in a hospital, credit privacy at a credit company, or confidentiality of sources at a newspaper. Any company or government agency that claims to protect anyone's privacy has issues if they monitor their employees.

    In the context of current law though, I don't have an answer to this. If an employee engages in illegal activity thru company equipment then seizure for evidence is a possibility. Also harrasment suits from employees offended by other's tastes. To prevent that the company must become their own police force to catch criminals and harrassers before the real police or courts can.

    The question is whether the loss of employment and productivity due to the surveillance outweighs the risk to the company. For a small company this argument is more convincing, chances of criminal employees are not very significant, and harrassers are usually pretty well known as such fairly quickly. For a large corporation the equation isn't nearly so clear, they are almost gauranteed to see abuses. I still think zero tolerance for any discovered abuses plus insurance for liability might be a better route for them, especially given your arguments about liability due to additional people seeing critical information.
  • Your boss probably started way below and worked himself up the ladder. He knows what it's like up and down. You don't know what it's like to be saddled with his responsibilities.

    Yea, Big Brother loves you, he feels your pain, you don't know how lonely it is at the top. :P

    I'm sorry, but that is complete BS. You don't know how most people get their positions, and neither do I. But there is plenty of evidence that there are quite a few boneheads in positions of power. A little accountability from below, as well as from above, could keep costs down, keep workers happy, and keep the micromanaging morons out of the big chairs.

    Besides, I seriously question the competence of anyone who feels it is necessary to deploy clandanstine monitoring software throughout an organization. It might be useful for collecting proof for grounds to fire someone, but to do it to everybody? It increases costs, destroys trust and morale (if discovered, which of course it would be), and even opens the company up to potential lawsuits.

    And I do know most of my boss's responsibilities. And he'd probably agree with everything I've said so far. And I review his performance just as does mine.

    Shareholders are the closest thing to real owners of a company's assets. They may not be able to buy and sell them, but they are where the buck stops.

    A measure of an executives productivity is exactly the same as other employees, as far as measuring the productivity of any two employees is the same. Does he/she perform the job he/she was hired to do? How effeciently is the job done? Besides, you ever heard of a little thing called white collar crime? Embezzelment? Power without accountability can be a dangerious thing.
  • I'm writing this from work, on company time. I'm playing devil's advocate, but... Let's consider this for a minute from the point of view of the employer.

    - It is simply too much work to monitor all employee's 'break' habints individually.
    - Many employees (ab)use work resources for their entertainment or personal gain.
    - All employees are paid for a certain number of hours of WORK in a day.

    When I work, I am paid for my 8 hours, plus OT as needed. I expect to be paid for that amount of time, so why should the employer not expect to get that much work out of me?? It's only fair, equal work for equal pay and all that. In this, the employer is simply protecting itself from exploitation by workers. (the degree of 'break' is at issue though)

    Monitoring individuals is a resource black hole. It can not be done effectively without devoting a significant staff and resources. An automated monitoring system serves to gather statistical data about employee work and break habits, so that these statistics can be used to reduce privilige to 'acceptable' levels. What counts here is a conscientious and sensible HR/IT regulator that defines what 'acceptable' is. And hey, if we feel that our surfing during work hours is reasonable - and we expect out employer to trust us, why should we not trust that regulator to NOT be a slave-driver? If the average stats show a reasonable non-work usage, fine.

    If certain individuals skew the stats, they are singled out. Isn't that fair? Would we want to lose all access to /. just because one person stays on it all day? Should all web access be cut off because one person has a thing for kiddie-porn? Should all employees have to live within restrictive disk-quota policies because someone is running a rogue web business off of the company server?

    Monitoring helps the company protect itself legally from those few employees who abuse and expose the company by engaging in questionable or unprofessional behavior on company time.

    Monitoring helps the company protect itself from widespread abuse, by allowing the tailoring of 'freedom' to within acceptable levels.

    We have to remember that while we are being paid for our time, we are renting ourselves to the company. Our employment agreement states that we are there, working, for 8 hours per day. If we are not, then we should not be getting paid for that much time. If we are, then we are violating the terms of our rental agreement.

    We are the ones exploiting the employer, not vice-versa.

Swap read error. You lose your mind.

Working...