Slashdot Mirror


Employers Logging Keystrokes-What Can You Do?

daqman asks: "I work for a 'national lab' which is code for, 'we are funded by the Department of Energy'. Recently there was a big scare over a DoE employee at a weapons lab who has been accused of spying. Now we are very far from weapons research. If we were any closer I would quit right away. Anyway, as part of the security flap we have been asked to put a notice on all of our machines. A part of the message is: 'By using this system, the user consents to such interception, monitoring, recording, copying, auditing, inspection, and disclosure at the discretion of authorized site or Department of Energy personnel. LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning.' What is the legality of this statement?"

"I live under the assumption that my employer cannot tap my telephone or open mail delivered by the US postal service and that I have the right to free speech under the Constitution. Why are my E-mail and my very keystrokes on the computer any different? Please remember my work does not involve national security. Also, since this policy was not in effect when I started my employment what are my rights if I refuse to agree with the conditions and log off?"

What does one do (aside from up and quit) when you discover that your employer is spying on you -- by any method? I can understand an employer wanting to know what his employees are doing, but there is a line somewhere they shouldn't be able to cross (employees have rights, too). Where that line is, however, is anyone's guess.


  1. Re:Fully legal by phil reed · · Score: 2
    If nothing else, your refusal would consume vast amounts of management time, and they might reconsider the policy.

    More likely in this case, they would probably reconsider his employment. The government doesn't have much of a sense of humor.


    --

    ...phil
    "For a list of the ways which technology has failed to improve our quality of life, press 3."
  2. Hmmm by joss · · Score: 2

    Apologies for going over the top, but the circumstances you describe are very different to that implied by your original post. Doing a search as a one-off as a result of coming across kiddie porn is entirely sensible.

    I'm slightly sceptical about the kiddie porn business though. It's the example that's always given whenever politicians try to justify surveillance, encryption bans, whatever. What kind of admissions policy would hire someone stupid enough, never mind sick enough, to view kiddie porn in a government office? Do you think that blanket surveillance of the population is justified (we must protect the children...), after all kiddie porn is equally detestable at home or at work?

    I'm not arguing that employers don't have the right to monitor their employees, just that it's usually misguided.

    > I would far prefer competent creative employees doing their job all the time

    Does the word "Duh" mean anything to you? The point I was making which you ignored (reasonably considering my rudeness) is that it makes far more sense to judge people according to what they produce rather than how they spend their time.

    Suppose I have 2 employees: Bill produces 10 widgets a day, Fred produces 5 widgets a day (of equal quality), Fred spends his whole time working diligently, but Bill spends half the day masturbating in the bathroom. I would fire Fred before Bill. It would be even better if Bill cut down on the wanking and produced 20 widgets a day.

    Distrust and intimidation is seldom an optimal way to get better performance from your workers. It might be a reasonable way to run a cotton farm with slave labour, but it's less effective in a software shop.

    --
    http://rareformnewmedia.com/
  3. You asshole by joss · · Score: 2

    A sane organisation judges employees by their performance, ie by what they achieve, not by whether they had "inappropriate images" in their cache.

    Who cares how much time is spent working, what matters is what gets done.

    A competent creative person will achieve more of value in 30 minutes than some droid who diligently spends 50 hours a week "behaving professionally". I would far prefer employees who browsed porn or spent the odd hour checking out /. than some self-righteous prick who thought a good use of his time was snooping on other employees. If they're good at their job, I couldn't care less how they spend their time.
    If they're not, then they can "act professionally" all day long, and I'll still fire their ass.

    In the commercial world this is self correcting, companies with their priorities screwed eventually go belly up. There's no correcting mechanism in the public sector, you end up with bloated monsters that piss taxpayers' money away paying a bunch of useless cretins to stare up each other's asses all day.

    --
    http://rareformnewmedia.com/
  4. This one's difficult... by jd · · Score: 2
    Do they have a legal right to monitor? Yes.

    Do they have an -ethical- right to monitor? No.

    Ethics and business are often incompatible, sadly. One place I used to work, I was informed that I had acted "improperly" by implementing recommendations formally presented at a security briefing. This is not uncommon. When it's a show-down between politics and common sense, politics WILL win.

    "By hook or by crook..." (Number 2, intro to The Prisoner)

    The more I've worked, the more I realise that the TV series "The Prisoner" was an idyllic futuristic dream, by a hopeless optimist. For all the brain-washing, torture and pressure put on Number 6, not one single Number 2 ever pretended that they had the moral high-ground.

    As for what you can do. Well, you can remap the keys, and write a simple substitution program that sits on INT 09. That way, it doesn't matter if what you type is logged. Your boss is unlikely to spend the time decrypting it. However, they are likely to regard that as a hostile act on your part, and subject you to disciplinary measures.

    Alternatively, you could use macros and function key definitions extensively. That way, what you type can make sense, but be subtly different from what the computer actually sees. The problem here is if your network is being monitored. The discrepancy will eventually show up, and you'd probably be whisked away for intensive interrogation.

    The third option, though potentially the most dangerous, is to combine the last suggestion with IP spoofing and IP monitoring. This would involve redirecting the -real- network requests, such that they don't return to your computer, directly, but rather to your subnet. From there, you can sniff them and process them as if they were to you. (You can't just multi-home your machine, as it would be too easy to pinpoint which machine the communication was for.)

    This is exceptionally dangerous, as the penalty for being caught would be gruel and striped pyjamas. On the other hand, if you spoofed it to whichever senior official ordered the monitoring, either the entire work-place will go into panic-mode, or the matter would be quietly and discreetly ignored.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  5. Re:Fully legal by drix · · Score: 2

    Yes, emphatically. Either teach yourself to lie (not a hard skill, just ask any one of 100 million salesmen across the world), or convince yourself that you really aren't lying (Never underestimate the power of rationalization). Most of us could beat a polygraph given a few hours' practice.

    --

    I think there is a world market for maybe five personal web logs.
  6. Re:Government Cheese by Falsch Freiheit · · Score: 2
    If you don't like the new disclaimer, all you can do is quit.

    That's not entirely true. Instead of quitting you can threaten to quit. Or you can write a letter complaining about the situation without including resignation threat.

    Quitting fixes the situation outright, by removing yourself from it.

    Threatening to quit or complaining (or, preferably, both together) works far better if everybody does it. You can even do things like not show up for work until they agree to stop. One term for it, if you do it all officially, is "forming a union".

    Hey, at least they're nice enough to warn; no requirement for that. They could do it legally with no disclaimer.

  7. Re:Fully legal by Syberghost · · Score: 2

    At some point you'd probably have to connect to your employers network, so if they aren't able to scan you directly they'll just sniff what comes over your connection.

    Sniff away; all they'll see will be ssh packets to and from my servers at home.

  8. Perfectly Legal by webslacker · · Score: 2

    As long as they've notified you upfront that they're logging your keystrokes, they're within the bounds of the law.

  9. Is keystroke logging even under discussion? by dashNine · · Score: 2

    Sounds like a standard systems disclaimer to me. Not many employers use keystroke monitoring on a wide scale, just because of the space requirements and implementation difficulties. (Now, think of a keystroke capture app that could, in real-time, detect unauthorized behavior -- *that's* an idea! A rather Orwellian idea, but an idea, nonetheless.)

    Such disclaimers are very common in the corporate world. Prior case law has struck down computer crime prosecutions simply because the systems in question did not clearly lay out access rules and regulations. Therefore, most corporate servers -- and, increasingly, corporate workstations -- display this boilerplate in order to support prosecutions against those engaged in unauthorized access.

    Now, as the Larry Wall case shows, the line between "authorized" and "unauthorized" is very thin indeed. Don't forget to ask for your manager's approval before setting up that e-mail proxy....

  10. Can? Yes. Would it be a good idea? by DragonHawk · · Score: 2

    But if you have sufficient access to your own desktop, shouldn't you be able to kill the logger?

    Sure, you could. But since you are (we presume) working at a government installation, processing sensitive and classified information, doing so would likely get you put under investigation for espionage.

    Even if you are innocent, that is not something you want to have to go through. And if they find you were doing something bad (like selling secrets to the Chinese), you get an all expenses paid trip to Leavenworth.

    Trust me on this: You DO NOT screw with the Security Police.

    --

    dragonhawk@iname.microsoft.com
    I do not like Microsoft. Remove them from my email address.
  11. Re:Fully legal by Kaa · · Score: 2

    I don't think bringing your own laptop or whatever would do it. At some point you'd probably have to connect to your employers network,

    Not necessarily. If you plug into a phone jack and dial out to your own ISP, there isn't much your employer can do about it (tapping into a modem connection demands specialized equipment that usually only law-enforcement agencies have handy). Also don't forget the SneakerNet -- and wipe the floppy afterwards.

    The point is, your laptop is your private property and nobody can take a look at what's inside without a court warrant.

    --

    Kaa
    Kaa's Law: In any sufficiently large group of people most are idiots.
  12. Re:Fully legal by mrzaph0d · · Score: 2

    I don't think bringing your own laptop or whatever would do it. At some point you'd probably have to connect to your employers network, so if they aren't able to scan you directly they'll just sniff what comes over your connection. Plus, if you're sending email from your own non-employer email to your co-workers, I'm sure they'd just be more diligent about scanning the email of whoever you're talking to...there's no way to win. they control the horizontal...they control the vertical...

    "Leave the gun, take the cannoli."

    --
    this is just a placeholder till i send back my real sig from the future.
  13. Ironic: Government ignores Constitution by Randym · · Score: 2
    The government of the United States may be an employer, but it is a public employer, not a private one. Thus, I can't see any reason why it shouldn't have to obey the Constitution, especially the Fourth Amendment.

    Courts have previously held that the government has to take into account the fact that it is bound by the Constitution.

    And why shouldn't a private employer be held to the Constitution also? They are located in America; shouldn't they have to play by the same rules as everybody else? Something is really wrong here.

    --
    DNA is a Turing machine. You, however, being dynamic and emergent, are not.
  14. Re:Government Cheese by joshamania · · Score: 2

    I saw that, and I completely agree with you. Everyone freaks out about Lee because he's not an American, and Deutch is using classified documents unprotected on his home computer. The computer he accesses the Internet with. Barely made the headlines....

    Big Brother, where are you when we need you?

  15. Re:Government Cheese by joshamania · · Score: 2

    Two things for you:

    1. I would really like a good reference to the alleged article describing the "inevitability" of an accidental nuclear launch. I don't believe you or your source, so give me a bibliography. It had better be something better than the National Enquirer.

    2. $60-70 per barrel for oil would cause a world catastrophe. Not in the U.S. We would be affected, but we also have enough money and resources to get around such a problem. I think most of Europe would be just fine too. They are already accustomed to high fuel prices. The real devastation would be, say, farmers in Africa and South East Asia, who just bought their first farm tractor, only to see operating costs triple or quadruple. All because of some conflict thousands of miles away from them that they have nothing to do with and no control over.

    And by the way, if New Zealand were to call the United States a "Rouge Superpower"...

    >>New Zealand, for example, would face serious consequences.

    WHAT? What are you talking about? Do you honestly think that a tongue lashing by New Zealand would concern the United States? Serious consequences? What serious consequences? Carol Mosley Braun (the U.S. Ambassador to N.Z.) might have to schedule a dinner party.

    This is not to say that N.Z. is unimportant. The reason that N.Z. will never have anything to fear from the irrational juggernaut that is the U.S. public is because they are not trying to buy ignition devices for nuclear weapons from unscrupulous companies. They are not trying to buy the world's largest cannon from other unscrupulous companies. They are not stockpiling Anthrax or VX gas. They do not have an arsenal of unguided ballistic missiles.

  16. Re:Government Cheese by joshamania · · Score: 2

    I have to say that your argument is unconvincing. Even the link that you provided is a little sketchy. Many of the "incidents" described by this link involved nuclear weapons not containing fissile material. Nuclear weapons that do not contain fissile material are not nuclear weapons. They are only bombs.

    This is not to say that any of the accidents involving fissile material are not serious. Contamination is very serious, and plutonium is one of the most deadly substances known to man. But we are not yet approaching the seriousness of a nuclear detonation.

    The reason that I say that rising fuel prices would have more of an effect on undeveloped countries is because they do not have the resources to do research into alternative fuels. High oil prices would only speed the research that is already being done in the west to eliminate dependency on oil.

    As for New Zealand. I did not intend to infer that New Zealand is an insignificant nation. My point was to say that New Zealand, unlike Iraq, North Korea and to a MUCH LESSER extent, China, is not about to have a war with the United States or one of its allies. New Zealand is not threatening to invade its neighbors and is not threatening world peace. Nor is it ever likely to want to. That is why any statements that New Zealand makes regarding the politics of the United States are not going to cause much concern in the U.S.

  17. Re:Government Cheese by joshamania · · Score: 2

    You are certainly correct, or close enough for the purposes of this argument. Whether or not Fermi does any research is not the basis of my argument.

    What I'm trying to say is that when you mention DoE to Joe Schmoe on the street, my guess is that nine times out of 10, Joe's going to be thinking about nukes. When Joe Schmoe starts thinking about nukes, he's not going to listen to reason. He's not going to care that Fermi is doing important particle research. Most Americans think that fusion reactors can go critical and explode. Most Americans think that fission is too dangerous to warrant building new nuke-you-lar power plants. Most Americans probably also think that all the DoE does is build nukes.

    I'm not trying to say this argument is logical, or even morally correct. In fact, I believe it is neither. The problem is that when you deal with computer secrecy for the DoE, then you can easily build up the mass hysteria that the United States is prone to. I'll bet most Americans would choose to have the Chinese man (sorry I forget his name) accused of spying at Los Alamos strung up rather than give him a fair trial.

    I guess my argument really is this: When dealing with what the DoE does, the public will willingly throw out logic, political correctness and even the Constitution of the United States of America. And if the public won't, I'm sure the NSA would be more than happy to oblige.

  18. Re:Fully legal by Thalia · · Score: 2

    The reality is that not only do they (not only the DOE but any employer) have a right to monitor your phone calls, and your emails, and your key strokes, they can also ask you to take random drug tests. The only thing they can not monitor is the break room and the bath room. Otherwise, they can put cameras everywhere. Why? The short answer is that employment is voluntary, so you can be asked to give up your privacy, in exchange for a job. An excellent article on this can be found here.

    As a side note, the reason most Silicon Valley employers don't do any of this monitoring is that they KNOW they'd lose employees. The only real way to fight this is to band together, and to inform management that all of the technical staff will leave, if monitoring/drug testing is done. They can not afford to lose the skilled folks. So, they'll usually cave.

    Remember, the only power you have is that they need you more than you need them...

  19. What about terminating the logger ? by redelm · · Score: 2

    Email, webhits and network traffic can obviously be logged. Whether it is, or whether those logs are analysed is a different matter.

    But if you have sufficient access to your own desktop, shouldn't you be able to kill the logger? What are common logger names so we can seek & destroy? Or are they usually hidden processes that can evade the tasklist?

  20. Re:Government Cheese by Chalst · · Score: 2
    And, arguably, for very good reason. Not that I think that particular argument is correct, but it is a compelling argument, and many will think that. It's hard enough to make sure that security is air-tight for the areas where it's required without trying to make sure it is air-tight ONLY where it matters.

    Got to disagree: I think you can't get security right unless you make distinctions between levels of security. If you try to make everything an organisation does operate at the highest level of security, then people's day to day antipathy for the tiresome bureaucracy involved will make them conspire against the security measures: as is happening with this Ask Slashdot.

  21. Re:Government Cheese by toh · · Score: 2
    (I'm guessing you have US citizenship to protect you from US weaponry).
    It's amusing to imagine that US citizenship would provide protection from US weapons while posting on the 30th anniversary of Kent State.
    --
    -- Life is short. Forgive quickly. Kiss slowly. ~ Robert Doisneau
  22. Re:Fully legal by dsplat · · Score: 2
    The point is, your laptop is your private property and nobody can take a look at what's inside without a court warrant.


    Or if you grant access to it, but then you can set the terms. Personally, I am willing to grant access to some of my own machines, under certain conditions. The conditions are just a bit ... extreme. They include:

    • payment
    • an agreement that anything found that was not included in the original reason for the search will not be copied or discussed
    • that when the search proves my innocence I will receive a public written apology, a large payment, and the person instigating the search will be fired with prejudice for the unwarranted accusation


    None of these terms is unreasonable, and few people would be willing to accept them.
    --
    The net will not be what we demand, but what we make it. Build it well.
  23. I'm not sure this would work with me by Tony Hammitt · · Score: 2

    I don't know about you all, but what good would this do with Unix users? I use Nedit, so I'm more often cutting and pasting with the mouse than typing out full lines of code. Lots of people use vi, who the hell could tell what they actually typed with all of those silly keyboard commands? (not that there's anything wrong with them, please don't flame me =-)

    What if you knew this and avoided _typing_ anything sensitive? Once my keyboard went out and I shut down the computer by X copy/pasting 'shutdown -h now' after su'ing... The keyboard wasn't involved. What are they going to do, log the screens and mouse clicks? What do they do when you place the insertion point somewhere else? What kind of gibberish are these people looking through?

    You could enter 'sensitive' text without using the keyboard, then the benign stuff by typing. In short, who cares?

  24. What can you do? Nothing by Col. Panic · · Score: 2
    Give me a break - are we talking about your home computer or work computer? Did you purchase the computer you use at work? If the answers are "work" and "no" then you can't do a damn thing about such a policy.

    The company owns the hardware, network, data, and your time between breaks. If they want to monitor your keystrokes, that is their prerogative.

    The company where I work has two kinds of phones -- the supervisor model has a monitor function that allows the manager to listen to all phone conversations of any employee in their department. You just don't have personal conversations with inappropriate content and there will be no problem. If you can't deal with such a policy, start your own company.

  25. HA HA HA HA HA HA HA, I work there too!!!! by CSG_SurferDude · · Score: 2

    For reference, the standard disclaimer for a National Lab's web site can be found at Sandia National Labs Web Disclaimer

    I work at a DOE installation also. Their lawyers are VERY highly paid, and unfortunately, they have the Supreme Court on their side. You don't own those computers, they do. They can (and DO) do anything they want.

    As a side note, our local DOE folks also monitor your web surfing, and log ALL your page requests. They also block any https:// connections, as well as requests to sites on their "Evil waste of time" list, and they grep through their logs once a week searching for "keywords" ( sexy, pussy, xxx, porn, pr0n, etc). You basically have no rights to privacy since it is their equipment, not yours.

    As a side note, we all just got email saying that all of our phone calls were logged, and that we could be expecting visits from our management about some of the more questionable phone calls. (In other words, more than a few local calls a day, and any long distance calls.)

    As a side note, all businesses have these rights, but most choose not to exercise them.

    Deal with it, or leave. The labs ARE NOT,
    WILL NOT,
    CAN NOT
    be part of the real world.

  26. that can put you in a real bind by Barahir · · Score: 2
    I also work at a national lab (Fermilab, if you care, and before that Brookhaven Lab), and I've seen that very message more times than I can count (it's been up for quite a while now). We mostly ignore it (which prompts our sysadmins to make comments such as, "see the logon notice that we all ignore.").

    So maybe we shouldn't ignore it, but what if this sort of intrusiveness does stand up in court (IANAL, but this sort of thing is pretty common to my understanding, so I would assume that it's on reasonably firm legal footing)? In many cases, it's not as though we can go elsewhere to do our research. I'm a high-energy physicist. High energy experiments are very expensive, with prices that reach to the hundreds of millions of dollars. In the US, there are only a handful of labs that do it. And guess what? They're almost all DOE labs!! What's more, depending on the type of work you do, you are completely limited to DOE labs. Even working in other countries isn't necessarily an option, depending on what you want to do.

    That being said, I'm not too worried. I think this sort of thing is probably restricted by some sort of "probable cause" consideration. I rather suspect that the sysadmins take that particular warning as seriously as the rest of us do. It was imposed from on high, not by the people who do the real work of maintaining the systems.

    At the end of the day, many scientists don't have too much choice in the matter. The question is whether this represents a real threat to our privacy, or if it's just a way of placating the federal government. I think it's the latter, although it does perhaps open some doors that are better left closed.

  27. Re:Doesn't depend. by jbarnett · · Score: 2


    Good point, but if you don't like McDonalds you can work at Subway, Steak & Shake, etc. It is true though, when I was working at McDonalds, it wasn't because they respected my freedom, but rather, I really need to pay rent (at least that is what my landlord was saying at the time). True most places will strip you of all rights when you walk into the door.

    The laws (freedom of speech, freedom of religion, freedom of press) are for the US government. Sorry if I don't include foreign countries, but I don't know their laws there. The laws are in place so that the (usa) government can't screw you on basic freedoms, they aren't there to protect companies, citizens or others from taking these rights away, they are just there so the person has a right that the government can't take away.

    Almost any private place is going to take away your rights. If you go into church and pass out, let's say "satan is sexy" bumper stickers, the church will (more than likely) ask you to leave. You scream "Hey man, I have the right to do this". Yes you do have a right to do this, from the government, the FBI isn't going to step in and drag you away, the CIA isn't going to sniper you, the government really doesn't care what your views are (at least that is what they say). The people that ask you to leave, aren't enforcing the government laws on you, but "their own laws", not the government's.

    If you refuse to leave, they may call the man (ie. police officers) and have you arrested for trespassing and disturbing the peace, but they aren't arresting you on your views. They are arresting to protect others' (the church's) right to freedom of speech/religion.

    If you build your own church and start up a club that preaches "GNU/Linux Rocks" you are allowed to do that, and the government won't do anything. You could then make up your own rules, "This is the house of GNU/Linux, thou shalt not bring in closed source software" then when someone brings in a Windows98 you can throw them out onto the street and yell "Don't bring that shit in here bitch, we ain't down with that". But that would be YOU enforcing your "own laws", it won't be the government.

    But back to your original comments, when most people work at McDonalds it is because they HAVE to work there, not because they have a choice. In theory, the way it is supposed to work, is that the person should be able to go work anywhere where they have the skill to work at. Anyone should be able to do what they want when they "grow up" (at least that is what my parents told me (I think they may have lied)).

    The thing is, if someone doesn't want to work at McDonalds, in theory mind you (which means it doesn't work in the real world) they could get government grants/financial aid/loans/scholarships to go to trade school/college/etc to gain more knowledge, experience, education, training to get the better job. This sometimes works, this is how it is supposed to work. It does take time, but if they need to be able to train for a better job and be able to pay rent at the same time, there are options.

    Just for the record, I am not knocking anyone that works at McDonalds, I used to work there. They are a respectable company and am not trying to FUD them, just using them as an example.

    Even if you do have a better job, your company will still take away your freedom. Say you work as CEO of AOL (forgot his name). If that CEO of AOL came out and said AOL sucks, and used his own money to fund an AOL sucks rally, do you think the investors/stock holders/board of members respect his "Freedom of speech"?? The government would respect his freedom of speech, but not his company, his company would throw him out on the street (exactly the same as if he worked any other job). I think almost all jobs would fire you for something like that.

    The only real job where you have complete freedom (under the government that is) would be a freelance job, or a job where you own the company. For example, before Andover/VA bought slashdot, I bet CmdrTaco could say "Slashdot sucks" and not get fired since he owned the company (unless he wanted to fire himself in some weird world). There are very few jobs that offer complete and utter freedom most of them are freelance/self run|owned companies/drug dealers/pimps. For the rest of us, we must do what the man says if we want to pay rent, even if that includes giving up personal freedoms.

    On a side note, this is extremely difficult to say after just having watched Brave Heart. I bet if I had a sword the "man" wouldn't be on my back as much.

    --

    "`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
  28. Re:Government Cheese by Cody Hatch · · Score: 2

    It matters not that you are doing weapons research. It matters not that you are checking an email from your girlfriend/boyfriend. When DOE is involved, the courts hardly matter. There are very few people in this country who are going to give a flying fsck about your privacy as soon as someone mentions nukes.

    And, arguably, for very good reason. Not that I think that particular argument is correct, but it is a compelling argument, and many will think that. It's hard enough to make sure that security is air-tight for the areas where it's required without trying to make sure it is air-tight ONLY where it matters.

    Personally, I think that they should be checking into just about everything having to do with DOE's security. There is very little on this planet more dangerous than the nuclear arsenal of the United States of America. I'd like to keep it that way.

    Indeed. It's not that America's nuclear arsenal is so dangerous--it isn't. It's that the nukes and the knowledge to build them (especially the knowledge) would be dangerous to an unfortunate degree in the wrong hands. The world already has enough terrors. Far more than you imply, incidentally. I can think of nearly a dozen worse things than America's weapons of mass destruction. Near the top of the list would be the arsenals (nuclear, chemical, AND biological) of a range of countries. Or perhaps even worse, the possibility of the emergence (either through random mutation or careful manipulation) of an air-borne retrovirus (what happens if you take a disease that is as hard to cure as AIDS, kills as fast as Ebola, and spreads like the common cold?). No, the world has enough worries without more nukes in more hands. Of course, one of those worries (and a very serious one) is infringements on free speech and privacy, such as this latest assault by the DoE. Nothing is ever easy.

  29. At least they warned you... by Ron+Harwood · · Score: 2

    ...and that's what probably makes it legal.

    They own the equipment, they own the network, they even "own" your time at work. You can't say that you can't do your work because it might be monitored - so what, if you're doing work it doesn't matter.

    What about personal stuff, right? Well, if you don't want it monitored... don't do it on their system. It's as simple as that.

    Of course, IANAL and your mileage may vary.

  30. recording keystrokes=password snooping by jspaleta · · Score: 2
    I'm a grad student, and I work for the DOE in the Princeton Plasma Physics Lab. We have these messages as well. I agree completely that the government or a corporation has every right to monitor the data sitting in its system, but what about things that only pass through, like the keystrokes I use on my X-term to type in my password to gain access to another network.

    It seems unreasonable to give any corporation or government agency the ability to steal the passwords to other networks. Controlling mail spools and data flows is one thing, but stealing keystrokes and passwords undermines every site's security. If the government or corporation wants to restrict employee access to another network they can do that by disallowing connections. But allowing keystrokes to be recorded which in turn allows the company or the government to compromise the other network looks like cracking and entrapment to me.

  31. Legal but..... by www.sorehands.com · · Score: 2
    It's legal for the employer to monitor your office computer usage.

    They can even fire you for it in some cases. There are some cases where they cannot use the information against you. When discussing job benefits, working conditions, union organizing, or something along that line. Also, if you are speaking out against discrimination. Another is if you have filed a complaint of law, and the law prohibits retaliation, and then they monitor you because you filed a complaint, then that is another form of retaliation (increased scrutiny, see the EEOC guidelines).

  32. Re:The real giggler... by fedos · · Score: 2
    "Log onto our website at www.duhhhh.com"

    I always liked, "All you need to do to be connected to the Internet is download our free software at Click&Go.com."

    I chose "Click&Go.com" because my other favorite is, "Just click on www.youneedtotypethis.com."

  33. Re:Fully legal by Markar · · Score: 2

    There was an article (in the NY Times I believe) recently about an airline that got a search order issued by the court to search the HOME COMPUTERS of employees suspected of organizing a union sickout or some such thing.

    So if your employer has a good enough reason?, he can even search your home computer.

    If you want to avoid having your email searched at work or home, get several anonymous remailer accounts eg HotMail. Be sure to log out every time you use it. Use one account for mainly newsletters, the other for personal mail. If they note you have a HotMail account give them the account with the newsletters :-)

    --
    "Open code, in other words, can be a check on state power." -Lawrence Lessig
  34. Re:Fully legal by lostblues · · Score: 2

    There is no argument as to the "legality" of the government's position. They own the network and the equipment as has been stated... they also own the information and wrote the laws.

    No one, least of all me, likes the government or the employer looking over your shoulder... but when the government is the employer and you are using government resources time and bandwidth... it's better to use the resources, time and bandwidth for the reasons you are there in the first place.

    If you bring home a dog that bites you can't complain when it bites... Your acceptance of the condition is contributory to your condition.

    --
    ................................... Tom Tornado * Making things better since 1960 *
  35. Why is this an issue? by Col.Panic · · Score: 2

    In the past, I worked for the Department of Defense for several years, both as a civil servant and a civilian contractor. Let's just say that if you think DoE is paranoid, DoD is worse. I was subjected to the same sort of warnings and disclaimers about consenting to monitoring, and consenting to allow such monitoring to be used as evidence should they investigate me for wrongdoing. IANAL, but this monitoring has been in place for many years, and has been used successfully in disciplinary cases, so I have to figure that there is a legal basis for it.


    To me, knowing that "big brother" was watching didn't really bother me. I can see that they have interests to protect, and I was not doing anything unauthorized. I have since left the government scene for the corporate world, and it seems to me that the biggest difference in monitoring between the two is that at least the government makes sure you know you are being watched. I see just as much monitoring in the enterprise, only it's done much more surreptitiously. My question is, is it really an invasion of privacy for my employer to keep track of what I do on his/her computers and office equipment inside his/her office space during hours when I am on his/her payroll?
    --
    --The Colonel
  36. Re:Government Cheese by -Harlequin- · · Score: 2

    > It's that the nukes and the knowledge to build them (especially the knowledge)
    >would be dangerous to an unfortunate degree in the wrong hands.

    ??? The USA has internationally _earned_ itself the nickname "rogue superpower", it stockpiles (and frequently uses) weapons of mass destruction and weapons of indiscriminate destruction, it has one of the worst records of initiating force in other countries, undermining democracies, propping up dictatorships with force, and worse, and you talk of "the wrong hands"?!?!

    Presumably by "dangerous ... in the wrong hands" you actually mean "dangerous to _me_ personally", rather than "dangerous to innocent people". (I'm guessing you have US citizenship to protect you from US weaponry).

    When a US General (among many others) states that the reality of the US nuclear stockpile is that it is a miracle that an accidental launch has not _already_ occurred, you might begin to see why countries object to weapons stockpiling.
    While the US can pretend to its citizens that it is somehow different from Iraq, its own actions frequently force the rest of the world to remain unconvinced.
    And I bet you'd think Iraq was "the wrong hands".

  37. Re:Fully legal by John+Jorsett · · Score: 2

    I think there is at least one more option short of quitting: immediately log off and tell your employer you refuse to use any computer that contains that notice. If computer use is a requirement of your work, then it becomes an interesting question of whether they can compel you to use such a system to keep your job. I knew a gov't laboratory employee who refused to take a 'random' drug test for the second time in as many weeks. It really gummed up the works, and got escalated to the head of the laboratory. If nothing else, your refusal would consume vast amounts of management time, and they might reconsider the policy.

  38. Thoreau by wishus · · Score: 2

    "I think that we should be men first, and subjects afterward. It is not desirable to cultivate a respect for the law, so much as for the right. "

    --Henry David Thoreau

    ---
    $ su
    who are you?
    $ whoami
    whoami: no login associated with uid 1010.

  39. Appearing soon on a Redhat machine near you by RedGuard · · Score: 3

    The Bastille hardening script adds this to
    /etc/motd. The script claims it gives you a
    better chance of intruders being prosecuted.

  40. Monitoring, Sysadminning, Ethics by prevost · · Score: 3

    Carnegie Mellon University, where I used to work, has the following disclaimer at login:

    This system is for the use of authorized users only. Unauthorized use may be monitored and recorded. In the course of such monitoring or through system maintenance, the activities of authorized users may be monitored.

    By using this system you expressly consent to such monitoring.

    I think this is for two reasons: one--to make any evidence they find against crackers more legally clear. two--to cover their asses in the case that they accidentally read someone's email (or the equivalent) doing system maintenance.

    It's important to remember that if you're in any sort of shared environment, your sysadmin can very easily read every byte in the system, follow every bit thrown out the pipe, and etc. What's important is that ethical sysadmins don't use this power for evil. :)

    No really--I'm serious. As a sysadmin, and a BBS sysop before that, I've had the power to do things like read users' email for a long time. I feel that I have an ethical responsibility akin to those a doctor or lawyer has with respect to confidentiality. I will not pry--but even if I do, I have no right to make public things that I learn. This is most important when doing routine things like backups or looking for files which are taking up too much space, or fixing mail spool files when there's a bad mail loop, or the like.

    It's hard not to learn things about people that you shouldn't know in these cases. And as a result, I don't believe in sharing information learned in such ways with anyone at any time. I'm upset when I hear stories about sysadmins stumbling across somebody's private stash of kiddie porn and turning them in. It's true that kiddie porn is pretty damned foul--but in the interest of protecting everybody's right to "sysadmin confidentiality", I still don't think such things should be mentioned. At the very least, I'd probably say "please remove these files from the system, or I'll have to take steps against a potential DoS attack by law enforcement officials."

    Anyway, my two cents. I think I'll go look up the CPSR and other like-minded groups now and see if anybody's got a sysadmin code of ethics. :)

  41. Same where I work. by Kartoffel · · Score: 3
    US GOVERNMENT COMPUTER
    This is a US Government computer. This system is for the use of authorized users only. By accessing and using this computer system you are consenting to system monitoring, including the monitoring of keystrokes. Unauthorized use of, or access to, this computer may subject you to disciplinary action and criminal prosecution.

    That's what everybody gets on our office machines at the Johnson Space Center. Considering the enormous mountains of paperwork that people type up every day, I would hate to be the guy who reads the key logs. ;-) Even if all they did was store the keystroke logs somewhere, it would be an enormous amount of useless data.

  42. welcome to government service by imac.usr · · Score: 3
    I'm a contractor at NIH, and you can find their suggested startup screen here. It basically says that it's a government machine, they can do what they want, and although the banner isn't legally required, it does help the government prosecute people if there's a banner in place when you log on.

    As for legality, hey, man, I just work here.

    --
    I use Macs for work, Linux for education, and Windows for cardplaying.
  43. depends by jbarnett · · Score: 3

    The thing you forget is, when you walk into a workplace, you lose some of your freedoms. It is a private company and they don't force these "laws" on you, they give you a choice, "play by our laws, or leave/get fired"

    For example, we all have the moral and legal right of "Freedom of Speech", but if you take a job at McDonalds, when you are clocked in your "Freedom of Speech" goes bye-bye. You can not say "So what the fuck do you want on this shitty ass BigMac dicksmack" to the customer. Sure, this is perfectly legal and lawful (in the US), but McDonalds (private company) will fire you.

    If you want to be able to say "fuck" and tell the world McDonalds BigMacs are "shitty", you will have to do it on your own time. The fact is, you are working at McDonalds on your own Free will, and they hired you on their own Free will. At any time either you, or them may terminate the employment agreement. (unless you sign a contract)

    Most companies do monitor, on our phone system they warn the customers and employees that the lines are tapped, I mean monitored for employee spying, I mean employee monitoring and training purposes. They aren't forcing me to work here, and they aren't monitoring without my permission. If I did not agree to this, I would have to either 1) quit 2) not agree to it (which would probably lead to me getting fired)

    I think an employer has the right to monitor, but the company HAS to notify the employees of this beforehand and tell them what they can and can't do with the system (ie. no p0rn in email or hot grits in pants during business hours, except on Fridays)

    --

    "`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
  44. Recently logged at NASA by cprincipe · · Score: 4

    Mars Lander Telemetry Control System

    login: root

    password: xxxxxxxxxxxxx

    Welcome to the Mars Lander Telemetry Control System.

    MOTD: Management has become aware of the unauthorized use of agency computing facilities for the distribution and use of illicit materials, which is in violation of the computer use policy. Anyone found in possession of or transmission of such materials will be prosecuted.

    jpl:# cd / pr0n

    jpl:# rm -rf / pr0n

    ^C

    ^X

    ^C

    ^X

    ^D

    --

    bun-fhuinneog agam!

  45. Re:Fully legal by bughunter · · Score: 5
    I don't think you can do much about it except for quitting (or threatening to quit over pervasive monitoring).

    There's always one more option, though their effectiveness may be questionable... for example:

    In the wake of the spy scandal last year, the DOE implemented a mandatory random polygraph policy for all of their Los Alamos employees. Every one. Needless to say, the affected employees were rather annoyed, and they organized and threatened action (wish I could be more specific). Anyway, the DOE just recently backed down and decided to only require random polygraphs for employees who work with sensitive information. They did something about it.

    And also, if you have enough money to contribute to your senator's campaign, you could always go the Congressional route. It works for contractors.

    (Sorry if this appears twice, but if /. hadn't timed out, I wouldn't be pressing the submit button again.)

    --
    I can see the fnords!
  46. Re:Fully legal by arivanov · · Score: 5

    A very important note: In the US.

    But invalid in Germany. There, you cannot even perform exact recording of dialed numbers on the company PBX. The employer if recording them is obliged to erase the last n (forgot how much) digits. And recording email by the employer is absolutely out of the question.

    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/
  47. They own it. You don't. by DHartung · · Score: 5

    This is actually a very common situation, and the legal battles took place mostly in the late eighties and early nineties. The employer pays for the equipment and resources, and they have the right to designate appropriate usage guidelines as well as monitor.

    Partly this absolves systems people like me if we happen to come across your e-mail by accident (trust me on this one: I was working on a mail server yesterday and I could see the addresses EVERYONE was sending to, including some verrrry interesting domains), but also in case they have to investigate for any reason. Let's say another employee claimed you sexually harassed them in sending e-mail (let's also assume that this is serious, not just random dirty jokes, talking about the other person's anatomy for example). The company has the right to look at the victim's computer, your computer, the server, even SEARCH THROUGH DESKS looking for floppy disks on which anything relevant may have been saved. I've seen it happen.

    As a systems administrator I have to install monitoring and blocking software. I can track every site you visit with your browser, stick it in a database and e-mail it to your manager by 8am Monday morning. He can see that Joe was surfing business-related sites, maybe too much, but within acceptable limitations; Mary was spending all day long at eBay; Dave was recklessly looking at p0rn on his lunch hour; and so on. As long as there's an upfront disclaimer, all such monitoring has been upheld by the courts. It doesn't even have to appear at login; you could have signed a blanket disclaimer when you were hired, and it was just one of a dozen sheets of paper you John-Hancocked and forgot about.

    One employer determined that a married woman had transferred to another location in order to conduct an affair with a man there. They fired both of them, not so much for the affair, but for falsifying time sheets and so on, based on e-mails where they set up hotel rendezvous during work hours. They almost fired another woman who was the first woman's confidant in this situation because she had failed to report it.

    Another employer requested printouts of all e-mail sent by an employee during his last week, as well as all outside mail sent and received by his friends in the department, in order to prevent disclosure of client trade secrets.

    Another employer found that pornography was passing through the e-mail system and before any of the employees were notified, I and another individual had to check for anything illegal. If we had found anything, we were to call in the police.

    When I worked on a help desk, I never knew whether my calls were being monitored silently by my boss. My internet usage at work then was via dial-up and this came to the attention of the telephony group, who reported it to my boss, and my boss then required me to justify time spent. (I was able to do so, it was mainly research.)

    Bottom line: when you're at work, don't ever assume you have privacy. The employer has broad rights to monitor you for not only illegal activities, but for violations of your employment agreement, for slacking, for slandering, for sexual harassment. Some of the posts here speak of your government employment as a unique situation, but it really isn't. Out in the Real World you may, in fact, have FEWER rights to privacy than in your present situation.
    ----

    --
    lake effect weblog
    {Network engineer in Chicago--looking for work!}
  48. Fully legal by Kaa · · Score: 5

    Under the current law (you don't have to like it) the employer owns everything that happens on machines and networks it owns. That means that your email, your files, and, yes, your keystrokes, belong to your employer. This has been supported by courts numerous times. If you want privacy, bring your own laptop/PDA/notepad.

    I don't think you can do much about it except for quitting (or threatening to quit over pervasive monitoring).

    Kaa

    --

    Kaa
    Kaa's Law: In any sufficiently large group of people most are idiots.
  49. Government Cheese by joshamania · · Score: 5

    This isn't exactly a vague situation. There might be a little leeway if we were talking about a normal corporation, but this is DOE.

    If you don't like the new disclaimer, all you can do is quit. As far as my experience goes, when working with the government, and especially when dealing with the military branches, and even more especially working with DOE, you have no rights to anything whatsoever.

    It matters not that you are doing weapons research. It matters not that you are checking an email from your girlfriend/boyfriend. When DOE is involved, the courts hardly matter. There are very few people in this country who are going to give a flying fsck about your privacy as soon as someone mentions nukes.

    I'm not trying to say that this is right or moral, just the way it is. The NSA (National Security Agency) has very broad powers when it comes to protecting nuclear secrets. The secrets could be anything from warhead design to the number of gallons of water in a reactor's coolant reservoir.

    Personally, I think that they should be checking into just about everything having to do with DOE's security. There is very little on this planet more dangerous than the nuclear arsenal of the United States of America. I'd like to keep it that way.

  50. Keystroke logging at McDonalds by scumdamn · · Score: 5

    Big Mac
    Large Fries
    Large Coke
    Happy Meal
    Medium Chocolate Shake
    Trinoo Attack on CNN
    McDonald Land cookies
    10 pc Chicken McNuggets

    I can see how this would come in handy.