Slashdot Mirror


CNet On Online Freedom

jonnythan writes: "CNet apparently had a talk with Ari Schwartz of the Center for Democracy and Technology. The result is this story, which paints a terribly frightening picture of what Your Rights Online really are. It's a very informative story nonetheless, and puts the fiascos with Real Networks et al in a somewhat different light." Covers a wide variety of online situations, and how you have little to no recourse against corporate or government snooping. Not very in-depth, but maybe it will start people thinking.

35 of 91 comments

  1. goofing off, errands, personal emails, etc. by Wansu · · Score: 2

    What is really important here? Is the work getting done? Unless somebody is downloading porn and displaying it, thereby exposing the company to a sexual harassment lawsuit, or sucking down HUGE files which eat up the bandwidth, big deal!

    Yes, in essence, this constitutes goofing off. So what? I see these guys who will implement such policies wasting enormous amounts of time standing around in the hallways each morning, coffee mugs in hand, discussing sports and what not. So some kinds of goofing off are OK, others aren't. Sheeeeit.

    Another poster pointed out that he's at work all the time and ain't got time to run errands. Yeah, and everything is open from 8-5. Most software types have to work OT constantly anyway.

    I ssh to a shell account. Yeah, I suppose they could monitor keystrokes but at least my mail is not on the company servers.

    We haven't really seen a backlash against this kind of crap yet but it's coming. Emboldened by the laws and judicial decisions they've purchased, companies will continue to push the limits until people get fed up.

    --
    Wansu, th' chinese sailor
  2. Correct Link by nullspace · · Score: 3

    This is the correct page: Link.

  3. Re:National security isn't just a myth by Stiletto · · Score: 2

    Even now that the Cold War has finished there are any number of threats to people in every country that are dealt with by intelligence services all the time without people even realising it. And if these agencies cannot access information when it is required then they cannot do their jobs, and the chances of say, a terrorist bomb attack, goes up dramatically.

    Have you ever personally seen a terrorist? Anyone here at Slashdot ever met a real live terrorist? I doubt it. There just aren't that many of them. "Anti-terrorism" is just the cover story, folks. Most governments in the world (including those of nations who claim to be free countries) are very much interested in destroying their citizens' privacy. If you know every little detail about millions of people, you have a very powerful (and profitable) weapon.

    Without personal privacy, the government knows every tiny law you have ever broken, down to the time you parked your car in a fire lane. Do you look like you might be a terrorist? Do you have religious beliefs that don't fall in line with the norm? Do you live a certain lifestyle that the government may take issue with? If they ever feel like ruining your life for these reasons they can just pick you up, throw you in a truck, and read to you the list of laws you have broken.

    "Anti-terrorism" is used to hide the profit, too! In a world increasingly dominated by corporate interests, it should come as no surprise to anyone that the government's secrecy and security agencies sell their data to corporations. What insurance company wouldn't pay billions for a list of people who they can raise rates for? What marketing firm wouldn't pay dearly for a detailed description of every citizen with a SS number, his likes, dislikes, beliefs, eating habits and route to work?

    Don't be naive. The governments couldn't care less about "terrorists". In fact, the more real terrorists are allowed to do their thing, the more the governments can justify the massive invasions of privacy that are already happening.

  4. Unnecessarily pessimistic by The+Famous+Brett+Wat · · Score: 2

    Although all the examples given in the article are truly awful and worthy of concern, it's clear that the article uses the classic journalistic technique of sensationalism. There's no balance -- not even a suggestion of it. It paints an extreme picture of the world, leaving out all the bits that don't mesh with this extreme.

    This is an important issue, but don't rely on sensationalist news to inform you of the world's woes. Most people will just get steamed up about it, and that's the idea: it makes good reading -- you get involved in it. Getting steamed up isn't actually very useful, however. Examine the problems rationally, obtain information from non-sensationalist sources, and act where you can.

    --
    proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
  5. Re:Public needs to stop pretending there is no iss by orpheus · · Score: 4
    I am dismayed when my friends exclaim that the CIA will never read my email, because I am not important, nor have I done anything wrong or have something to hide.

    Here are some facts and cases that every American citizen should know. I was pretty horrified that this entire area was not mentioned in yesterday's discussion of Federal monitoring (alas, I didn't have time to read it or post yesterday)

    1) Since 1978, US Intelligence agencies have a special court (FISA: Foreign Intelligence Surveillance Act) to turn to for domestic wiretaps. Each decision is reached in secret, with no published orders, opinions, or public record. Only one of the tens of thousands of requests was ever turned down. When Clinton signed Executive Order 12949 on February 9, the powers of the FISA court were greatly expanded: It now has legal authority to approve black-bag operations to authorize Department of Justice (DoJ) requests to conduct physical as well as electronic searches, without obtaining a warrant in open court, without notifying the subject, without providing an inventory of items seized. The targets need not be under suspicion of committing a crime. Here's what Federal Judge Robert W. Warren from Wisconsin, (senior panelist on the second tier FISA Court of Review) said about his duties...
    On the first tier are seven federal judges, appointed to staggered seven-year terms by the chief justice of the Supreme Court. Each judge takes a turn reviewing applications submitted by the attorney general. He or she sits in a sealed, vault-like chamber on the top floor of the Justice Department headquarters, where the door is always locked and guarded and the room is regularly inspected for bugs.

    In the unlikely event that the first tier rejects an application, the Department of Justice can appeal to the FISA Court of Review. Should this three-member panel of judges also deny the request, it could then be heard by the Supreme Court. Those last two progressions up the judicial hierarchy have proved strictly unnecessary, however. Federal Judge Robert W. Warren from Wisconsin, senior panelist on the second tier FISA Court of Review, joked that he has not exactly been overwhelmed by the workload since his appointment in 1989.

    "We've never met since I've been on it," said Warren. "I was sent a designation by the Chief Justice, and I asked a couple of people what in the world the court did because I had not even heard of it before I got that designation. I also had some correspondence with my brethren on the court and we've talked to each other and said, `What are we supposed to do?' and, `When is something going to happen?' Nothing ever has happened. It's an empty title as far as I am concerned at this point."


    Based on the remarkable record of servility the first-string spy court has achieved on surveillance requests (15 years with only one rejection, and that one on technical grounds), new requests for physical searches are unlikely to cut into the Review Court's happy schedule.

    2) Going down from the Federal level, wiretap abuse on landlines and wireless by state and local authorities is extremely widespread today. These wiretaps are applied without court order, with very deliberate lies on affidavits, and every other imaginable abuse of the system. A search for "illegal wiretap" will turn up links to articles listing thousands of cases. Here are a few.
    • The LA County Public Defender's Office is appealing over 500 cases where the real or circumstantial evidence was primarily due to illegal wiretaps. The LAPD conducted thousands of illegal wiretaps each year (acknowledged in numerous state and federal reports) but get less than 100 legal warrants every year (except 1998, when they got 328, vs 24 in first 6 mos of 1999). The corruption went all the way up to the elected District Attorney of Los Angeles, Gil Garcetti, and judges were 'informally aware' of the practice, but signed anyway. For details, see Deputy Public Defender Kathy Quant's summary article or the W.I.R.E.D Project (Wiretapping Investigation, Research, Education, and Defense), both at the LA County Public Defender's Office website.
    • An unnamed officer hears an unknown Hispanic man mentioning that he will be receiving a wire transfer of a substantial amount of money that day. There is no mention of drugs, even in code, as the investigators later admit. His colleagues (not linked to the illegal wiretap) invent a confidential informant ("CRI") who claims the money is drug-related, and notify local banks. When the Hispanic man goes to the bank to make a withdrawal for the amount mentioned, the money is seized. It takes him years to get it back, though he demonstrates early on that the money is from his grandmother's estate, and was being wired so he could buy a house. This case, euphoniously named U.S. v. $265,260.32 in US currency US CV 97-4442 AHM (CWX) (A federal case - money is often 'arrested' under RICO and other laws, because money does not have civil rights) cites several other cases where equally blatant abuses have taken place (including US v $39,000 in Canadian Currency, to be fair to our northern neighbor).
    • Agencies even illegally bug themselves and each other, as this recent case in CT illustrates.

    3) Legal wiretaps are usually not very cost-effective.
    • Judge Perry authorized the San Bernardino District Attorney to wiretap public pay phones in drug traffic areas for 4 months. The results:
      • 131,202 individuals' conversations intercepted, taped, and will be kept by the DA for 10 years...
      • 10 - Incriminating Conversations were obtained as result of violating the privacy of 131,202 people.
      • 0 - Arrests Made. NOT ONE ARREST.
      • Oh, it cost San Bernardino Taxpayers over $625,000.
    • A similar order by Judge Czueleger ordering blanket wiretapping of LA jail pay phones for the first 6 mos of 1997 also resulted in no convictions, and cost $1,119,422.
    • In '98 or '97 (don't have the Fed report with me), the states ordered roughly 1200 legal wiretaps, resulting in three arrests per wiretap, on average. Only one arrest in four was convicted, however.


    These items are just the tip of the iceberg! Do a few Google searches, and you find case after case of officers and agencies wiretapping for personal gain and institutional chicanery, of forged or fraudulently obtained warrants, and massive illegal campaigns that don't even pursue current crimes, but where the recordings are stored (as in the LA cases) for possible future use.

    It's uncomfortable to think about. I don't enjoy it myself. However, before we believe "1984 has come and gone, and we're safe", we have to ask ourselves... who says we're safe? The Government?
    --

    If you can go to bed, knowing you did a valuable thing today, you're very lucky. If you can't... it's not bedtime

  6. Re:What about the company's privacy? by HiThere · · Score: 2

    Right. It becomes all secure if you use your own equipment. Well...

    E-mail isn't generally time sensitive, so that isn't much of a problem. One can isolate transmissions, ensure that the computers don't have floppies, Jaz disks, writeable CD's etc.

    But phones are time sensitive. If you need to deal with someone, you need to deal with them when they are present. And I don't see that things become any more secure if you make the contact over a cell phone than over a company phone.

    If you treat people as untrustworthy, then they tend to want to be untrustworthy. I understand the asymmetry between the inconveniences suffered and the damage that may be done. But if you intentionally restrict utility, then you had best "make it up" somehow. And somehow accountants don't seem to understand this very well, not that money is the appropriate "make it up" benefit, but even non-cash benefits have their monetary cost. And most "morale building" exercises can seem like an extra imposition to some fraction of the population. So it needs to be an "at your choice" benefit cafe. (More dictatorial choices don't increase the perception of liberty.)

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.
  7. Re:Public needs to stop pretending there is no iss by sethg · · Score: 2
    Utility companies are working to improve their metering and billing systems, so they can (a) work better in a deregulated environment, and (b) offer customers the same kinds of fine-grained pricing schemes that phone companies offer. (Right now, most utility companies are sloppy about reading meters and are happy to give you an estimated bill, but that's because most utilities are monopolies that wouldn't benefit from more precise bookkeeping.)

    If I could crack, say, a regional water utility, and download a database with a couple of years' worth of usage records, I could call my friendly neighborhood mobster and arrange a very lucrative consulting contract.

    My employer sells billing systems to phone companies and is starting to break into the utility market. When I went to a presentation describing these exciting new trends in metering and billing, I asked about the privacy implications. The lecturer said that (in the USA) state public-utilities commissions were responsible for privacy-related utility regulation. This somehow did not fill me with confidence.
    --
    send all spam to theotherwhitemeat@ropine.com
  8. Re:You make your own privacy by Kaa · · Score: 2

    While it's pretty easy for a company to intrude on your privacy, especially among the Windows-using demographic where monitoring programs can very easily be installed on your computer

    Not to defend Windows, but what is it about UNIX that would prevent a competent sysadmin from installing monitoring programs on your, say, Sun box?

    I've yet to hear of a case where someone was fired for using encryption, ssh or ssl to protect their privacy.

    Some places (like mine) explicitly prohibit using any kind of encryption in the work place. You sign a piece of paper stating that you know and agree to this when you are hired.

    One of the reasons I've been looking very carefully at PDAs lately is that I want a personal, as in really personal, machine that I can use at work and at home and tell the employer to fuck off if he wants to know what's in there. Laptops are too big and heavy, and Palms are too drain-bamaged. Psions and the latest crop of WinCE [pulls on asbestos underwear] devices look yummy.

    Kaa

    --

    Kaa
    Kaa's Law: In any sufficiently large group of people most are idiots.
  9. Re:The most disturbing point by Kaa · · Score: 2

    This sounds like the court determined that what was essentially a contract between an employer and employee was invalid...

    Err, no. That wasn't a contract. That was a promise and legally there is a world of difference between a promise and a contract (quick-and-dirty test: in a contract there is *exchange* of value, in a promise one side just gives and the other side just receives). Promises, generally, are not enforceable.

    ...but don't lie to each other?

    I suspect that the promise was made by some mid-level manager who really had no authority to make these claims...

    Kaa

    --

    Kaa
    Kaa's Law: In any sufficiently large group of people most are idiots.
  10. Re:National security isn't just a myth by Kaa · · Score: 5

    Even now that the Cold War has finished there are any number of threats to people in every country that are dealt with by intelligence services all the time without people even realising it. And if these agencies cannot access information when it is required then they cannot do their jobs, and the chances of say, a terrorist bomb attack, goes up dramatically.

    This is, basically, an argument for a police state.

    Your point is that part of the government's job is to protect its citizens from threats and that taking away individual liberties makes this job easier. The problem, of course, is that historically governments were very, very consistent in abusing the advantages they have over individuals.

    Consider that forcing everybody to carry at all times an internal passport with fingerprint/retina/DNA information would make law enforcement a lot easier. Consider that forcing everybody to wear an electronic anklet/bracelet which monitors their location (a la house-arrest devices) will make it even easier. Consider that allowing to use torture and/or psychoactive drugs on suspects will considerably increase the percentage of crimes solved. So?

    The problem is finding an acceptable trade-off between personal freedom and government needs and your post seems to be quite one-sided in this regard.


    Kaa

    --

    Kaa
    Kaa's Law: In any sufficiently large group of people most are idiots.
  11. What about nude Natalie Portman pixs? by coyote-san · · Score: 2

    It's worse than that. An employer has a legal *obligation* to provide a workplace free of sexual and racial harassment, etc. These cases aren't always widely known, and it's certainly possible that the "snooping" employer is actually desperately trying to comply with the terms of a settlement that most employees are unaware exists.

    Part of that settlement could be scanning office e-mail for offensive language or content, e.g., nude pictures of Natalie Portman rolling around in grits. Encrypted mail might be construed - as part of the settlement - as a deliberate and conscious attempt to circumvent monitoring and thus trigger immediate punitive measures. YOU DON'T KNOW, AND NOBODY IS OBLIGATED TO TELL YOU.

    If you really want privacy, use SSH to connect to your personal account from work. Bring in your own laptop if you have to... at most, they'll tell you that it's not permitted.

    But blindly installing and using PGP or GPG might cause problems far, far beyond anything you would expect. If you're lucky, you'll be fired "for cause." If you're unlucky, you'll be named as codefendant in some criminal or multi-billion dollar lawsuit, have your face plastered across the cover of magazines as the Geek Who Cost TLA $5 Million,....

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
  12. On a smaller scale [Re:Public needs to stop p...] by Zulfiya · · Score: 2

    Nearly a decade ago, I made a conscious decision to not use my first name online. It's not because I like my last name that much, but because until then, I'd been drawing annoying correspondence from net.romeos. Some of it was flirting, some of it was abusive, and all of it was aimed at me because they could look at my name and know they were talking to a "gurl, huhuhuh."

    So, in a way (bear with the analogy, folks), I "encrypted" my name down to my first initials.

    I found out later that this was a common feminist ploy in business circles used by women who wanted to avoid discrimination and by men who wanted to show solidarity with those women. You can apply many of the same anti-encryption arguments against this practice [e.g. "Do you have something to hide? Are you ashamed of being female? Don't we have a right to know who we're dealing with?"] but it was a useful and often necessary practice at the time.

    These days I've switched to using feminine handles, but I still try to avoid using my first name much. These days I want it to be just that much more trouble to track me back to RL (I have a common last name and many searches ignore initials - If I'm going to be stalked I'd rather be stalked by someone competent.)

    You don't always have to have something to hide to want to keep some information private.

    --
    -- I'm not evil, I'm ... differently motivated!
  13. Re:Public needs to stop pretending there is no iss by DaveHowe · · Score: 2

    .. or just click the (#85) link near the top, which will have the same effect (unless you want to lengthen your comment limit)
    --
    -=DaveHowe=-
  14. Re:Yeah, right. by bnenning · · Score: 2
    Pure democracy is a bad thing when your rights can be trampled because 51% of the voters elected demagogues. This is the reasoning behind the U.S. Constitution and similar documents that place certain freedoms beyond the control of government.
    Australia is a democracy; the Liberals are in power because they represent the majority. If you think they should not do what they are doing, and are actively working to hamper them in so doing, then you are an enemy of democracy, plain and simple.
    Applying that reasoning the following are enemies of democracy:
    • German Jews who resisted Hitler (who was elected)
    • Rosa Parks, Dr. Martin Luther King, and countless other civil rights leaders who opposed discriminatory laws passed by elected officials
    • The ACLU and other free speech groups that oppose democratically passed censorship laws
    You are correct in that minors have limited (not no) rights, but your conception of democracy and freedom is seriously flawed. The phrase "tyranny of the majority" comes to mind.
    --
    How to solve most of our problems: 1.Lots of nuclear plants. 2.Cure aging.
  15. Yeah, and PGP keys. by Convergence · · Score: 2

    And we should start getting PGP keys up there, for two reasons. First, spammers aren't going to go looking into PGP keys for email addresses, and second so we can start encrypting more of our email.

    I'm fairly intelligent and I am aware of the risks that that article talks about, but damnit! It scares me..

    Here's a useful tip for all of us here. When you install a friend's computer or email program, make sure that it's got PGP and they know how to use it.

  16. The most disturbing point by dsplat · · Score: 3
    Even though Pillsbury had assured its employees not only that the email accounts were private, but that they would never intercept email communications or use them as grounds for termination, these mails were intercepted, and Smyth was fired. He sued, and lost. The court found that "even if we found that an employee had a reasonable expectation of privacy in the contents of his email communications over the company email system, we do not find that a reasonable person would consider the defendants' [Pillsbury's] interception of these communications to be a substantial and highly offensive invasion of his privacy."


    This sounds like the court determined that what was essentially a contract between an employer and employee was invalid because no reasonable person would expect a company to keep its word on something like that. Am I alone here in assuming that there are ethical people in the business world who certainly keep secrets from each other, but don't lie to each other?

    --
    The net will not be what we demand, but what we make it. Build it well.
    1. Re:The most disturbing point by Captain+Constitution · · Score: 2

      Even if this wasn't a binding contract, it is most certainly unethical. It is my personal belief that no corporate entity should be able to spy on their employees by sifting through their e-mail. It violates all sorts of rights granted to us by the Bill of Rights.

      Furthermore, the government has passed laws regarding the Interception of Digital and Other Communications

      The U.S. Code Title 47, Chapter 2, Section 33 also notes: From the decrees and judgments of the district courts in actions and suits arising under this chapter appeals shall be allowed as provided by law in other cases. Criminal actions and proceedings for a violation of the provisions of this chapter shall be commenced and prosecuted in the district court for the district within which the offense was committed, and when not committed within any judicial district, then in the district court for the district within which the offender may be found; and suits of a civil nature may be commenced in the district court for any district within which the defendant may be found and shall be served with process. I think that a closer look at this case may lead to a chance to take legal action against the employer.

  17. Re:Public needs to stop pretending there is no iss by dsplat · · Score: 5
    I am dismayed when my friends exclaim that the CIA will never read my email, because I am not important, nor have I done anything wrong or have something to hide.


    Far too many people have a model of privacy that only assumes that the government will spy on you and that only criminals need to fear that. It is trivial to find other examples of a need for security. Consider a regular family vacation. You and your spouse have been going out of town every year to spend New Year's Eve with your parents and New Year's Day with your in-laws. Do you want a burglar to know that you aren't home? Any of the following could reveal that:

    • Unencrypted e-mail to your families
    • Phone calls over cordless phones or analog cell phones
    • Poorly protected credit card records showing your purchase of plane tickets
    • A poor web site for your newspaper allowing you to suspend home delivery while you are gone that reveals that to someone else
    • A security hole in the airline's frequent flier program web site that revealed which flights you have already received mileage for


    You haven't done anything wrong. You are a law-abiding citizen visiting family. Unfortunately, the two guys who are filling a truck with every valuable in your home aren't such upstanding people.
    --
    The net will not be what we demand, but what we make it. Build it well.
  18. How about some privacy assistance, Slashdot? by Tau+Zero · · Score: 5
    If Slashdot was truly concerned about their users' privacy from snooping, every Slashdot service would be available by https as well as http. As far as I can tell, https://slashdot.org doesn't work.

    This goes double for services like Hotmail and Yahoo. You can protect your password on Yahoo mail via https, but your actual mail goes back and forth in the clear. They need to do something about this too.
    --
    Ancient Goth: Someone who overthrew the Roman Empire.

    --
    Time is Nature's way of keeping everything from happening at once... the bitch.
  19. Lunch Time. Pay Phone. The old days. by billstewart · · Score: 2

    (All you young folks - why when I was your age, we had to walk to work uphill both ways in the snow....) So 20 years ago, most people did this sort of thing on their lunch break or coffee break, if they worked at a job that wasn't flexible about that sort of thing. It was especially true for factories, but office jobs were often that way as well. Bell Labs was still part of The Phone Company, and there were pay phones in the building you could use for long-distance non-business calls, which still cost actual money back then instead of being basically free like they are today - and the PBX or Centrex had call detail records, so if you made personal calls from your desk you could identify which they were and how much they cost. But at least some businesses you needed to deal with would talk to you on the phone - if you needed to deal with the Motor Vehicle Department, you had to go in person, either at lunchtime with everybody else, or during work hours if your boss didn't mind you taking the time, or the one evening a week they'd be open late (late meaning about 7-8pm.) Banks were much the same way, though ATMs were starting to emerge.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  20. Re:What about the company's privacy? by dirk · · Score: 2
    Email makes no difference in this situation. What's to stop you from printing all that material, taking it home, stuffing it a legally-protected, unsearchable envelope and mailing it out? Nothing. Yes, what you did is probably illegal. It still doesn't give the company the right to rip open every envelope coming out of YOUR mailbox.


    Nothing is stopping you except the fact that taking out 5 boxes of documents may very well be noticed by someone. You simply cannot stop everyone, but that doesn't mean you should make it easy for everyone either. I can send out every single document on our servers in 1 day. How long would it take me to print out every document and smuggle it out of here? Years, at the very least.


    A company is not a human. It has no rights to privacy.


    This is the silliest thing I've ever heard. So you're saying I have the right to walk into any company and look at any records they keep? I can see any research done by a company, because they don't have any privacy? Companies have the right to keep things private as much as a person does.

    --

    "Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
  21. What about the company's privacy? by dirk · · Score: 3
    Everyone is saying how they want their privacy while at work, and their employers shouldn't be able to even access their machines at work, but what about the company's privacy concerns?


    I work for a company that is in the pharmaceutical industry. This is a very competitive industry, and corporate espionage is not unheard of. If the company can't look at email if they feel they need to, what is to stop an employee from pulling down all the information on the server and sending it to a competitor? Who is to say that encrypted file is a letter to your mom and not the memo you just received about company policy and the data just received from another company you work with?


    People survived for years without having personal email at work, and they can do it now. If it's something you don't want your employer to know about, don't send it through his system. The company has as much right to protect their privacy as you do.

    --

    "Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
    1. Re:What about the company's privacy? by Sax+Maniac · · Score: 2
      Email makes no difference in this situation. What's to stop you from printing all that material, taking it home, stuffing it a legally-protected, unsearchable envelope and mailing it out? Nothing. Yes, what you did is probably illegal. It still doesn't give the company the right to rip open every envelope coming out of YOUR mailbox.

      A company is not a human. It has no rights to privacy.

      --
      I can explanate how to administrate your network. You must configurate and segmentate it, so it can computate.
  22. You make your own privacy by Greyfox · · Score: 2

    While it's pretty easy for a company to intrude on your privacy, especially among the Windows-using demographic where monitoring programs can very easily be installed on your computer, there are also steps that you can take to protect it. While most of the workplace privacy cases that have gone to court have come out in favor of the company, I've yet to hear of a case where someone was fired for using encryption, ssh or ssl to protect their privacy. If anyone has one, I'd like to hear about it.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

    1. Re:You make your own privacy by Greyfox · · Score: 2
      I'd guesstimate that about one in a hundred sysadmins are competent enough to do so. And I use Linux at work, installed the system myself, and no one knows my root password. The odds go way down.

      PDAs are definitely going to be a problem. Moreso if a company decides to issue them to their employees. I've yet to hear of any court cases involving them, but I'm sure it's only a matter of time.

      --

      I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  23. Why should this be surprising? by lari · · Score: 2

    If you spend an hour or two a day at work on personal phone calls, doing some non-job-related reading, or any sort of personal activity, you're using your employer's time and resources for non-work-related activity. In this respect, why should personal e-mail and web browsing be different? I've sat down and watched employees at my current place of employment download megs of porn. It's clearly against company policy, and it's not like they're invisible. While you're at work, you've sold that time to your employer -- whether you go by the hour, or you're selling 40 hours out of your week. It's not yours.

    If you, as an employee, don't *know* that your employer is capable of doing this, I pity you. Corporations should have clear enforcement policies, yes, and they should stick to them. And when a policy says "We won't monitor this" and they do, it's dishonest. If a monitoring policy is changed, the change should be made public. Warning employees before taking action against them would be a nice touch.

    Blocking sites, monitoring user action... yes. If there's a user on my corporate network who's downloading or distributing naked pictures of fourteen-year-olds or selling internal secrets to the Kazakhs or some other such thing, I'd sure as hell like to know about it before the FBI or Barbara Walters does... and keep them from finding out.

    Yes, employees should know what kind of things their employers should see. But they should also think like someone could be looking over their shoulder at any time. When you're at home, on a personal connection, it's a different story. When you're using someone else's stuff, you play by their rules.

    1. Re:Why should this be surprising? by drinkypoo · · Score: 2

      Damn, here's the post that says the same thing that I was going to say. Rather than a "me too", I'll just elaborate on this.

      As others have mentioned, what you're using is company property. You have no right, given by god or government or otherwise, to use their hardware for any personal business.

      Now, I use work machines for my personal enjoyment every day, and I'm not likely to stop that any time soon. For instance, I'm all over slashdot at various times during the day. I also manipulate my web banking from here, and occasionally ssh into a shell of mine to work with email or to hop on irc for a few minutes. (Employers, don't get paranoid, I'm usually getting on #perl to ask a stupid question.) But these three activities are special for different reasons.

      First, slashdot. I don't say anything on slashdot I want to keep private, for obvious reasons: Namely, it's a public-access system. So I don't say anything here I'm worried about anyone seeing, much less my employer.

      Then, the web banking and the ssh - The web banking is an ssl connection. The ssh connection is, well, an ssh connection. Both are encrypted. Filtering software could stop me from doing either, and any decent sniffer software would know what machine it was coming from and where it was going - But they can't determine the content of those messages, so they're fairly safe.

      Mind you, I'm part of the IT staff here, and I know there's no filtering, we don't have a logging proxy, et cetera. Even if I were, though, I would not hesitate to perform the actions listed above.

      Also keep in mind that it's important to be sure that there's nothing like Remote Desktop, Remote Control, VNC, or PC Anywhere running on your machine. You can find out by checking in install/remove programs, checking the video drivers that have been loaded, and checking the process list. On UNIX, check your x authentication and make sure no one is running xkeys, I guess, though generally a UNIX shop is not a monitored shop, in my experience.

      It's *easy* for an employer to keep tabs on what you're up to, at least in a vague kind of way. Your only escape would be to use an encrypted VPN connection, and that doesn't stop them from monitoring what you're doing on your PC. If they're really hard up they can record your keystrokes on pretty much any operating system.

      Unless you absolutely know better, never assume that you're not being watched. Don't say anything from work that you're not willing for the whole world to see. Accept that this hardware and network does not belong to you, and that your employer has the right to protect their interests. Don't bitch about not having time to do this stuff any other time, and then expect your employer to be understanding; you chose the path of your life with your actions and decisions, you put yourself in the position you're in. If you have errands you just have to get done, take a day off from work. That's what personal days are for.

      Or hell, call in sick, employers can't read your brainwaves while you're sitting at home on the sofa.

      Yet.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  24. If We Can't Do it At Work Where Can We Do It by Carnage4Life · · Score: 5

    A little while ago when confronted with articles like this I always felt that most of these stories were situations where the employees were at fault but simply were refusing to claim responsibility. But working in a corporate environment in the past month has made me realize that some of my opinions were that of a naive college student. To put it simply, there are many times when one has to make personal calls, write personal emails or do personal web browsing especially since most of us spend the majority of the daylight hours at work.

    Already in the short span of one month that I have been working I've made long distance calls to my girlfriend to confirm her flight, I've called credit agencies about a misunderstanding in my credit report, emailed friends about a software project for school we're working on, made long distance calls to pay bills for my old apartment (I relocated for this job) and more. From what I read in the C|Net article, and a few others in Fortune as well as other places, I put my job in jeopardy by performing any of the above actions. If I had a choice I would still do them again because there's no other time for me to do these things. I'm at work eight to nine hours a day, before I leave the house most offices and agencies are not yet open and by the time I get home they are closed.

    My purpose in posting this is to let the people who feel that you deserve to be stung for doing personal things at work realize that there are many situations where you have no choice but to do these things from work. Of course, the alternative is to come into work late or leave work simply to browse the web, make a phonecall or shoot off an email.

    PS: I considered posting this as an AC, but decided that if I actually do get nailed for these things, I'd have a suit on my hands since I'm posting this from home.

    PPS: All the things I did on the phone I also did online (i.e. surfing credit agency sites, emailing my GF, etc).

  25. PHBs and email by Rand+Race · · Score: 2
    "Ever worry that your boss might read that indiscreet email you fired off to your best friend after an infuriating office meeting?"

    Seeing as how my boss requires my help to use Amazon, No.

    --
    Insanity is the last line of defence for the master diplomat. But you have to lay the groundwork early.
  26. Public needs to stop pretending there is no issue by Netsnipe · · Score: 5
    What if everyone believed that law-abiding citizens should use postcards for their mail? If a nonconformist tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding. Fortunately, we don't live in that kind of world, because everyone protects most of their mail with envelopes. So no one draws suspicion by asserting their privacy with an envelope. There's safety in numbers. Analogously, it would be nice if everyone routinely used encryption for all their email, innocent or not, so that no one drew suspicion by asserting their email privacy with encryption. Think of it as a form of solidarity.

    ---From "An Introduction to Cryptography" by Phil Zimmermann, the programmer of PGP himself.

    This is an analogy I remind myself each time one of my friends at high school ridicules me for being a paranoid "conspiracy nut". It concerns me greatly that most of the general public of my country, Australia seems to take a laissez-faire approach to their online Internet rights. For example, Australians have already lost their right to unmonitored and uncensored (but not yet implemented) Internet usage and our intelligence agency, ASIO now has the legal right to actually crack our computers and monitor communications without a warrant all for the sake of so-called "national security".

    What is just as worrying is that the general population accepts the face value of our politicians. The government in power, the conservative Liberals claim that they are acting in the best national security and moral interests of the silent majority, but to me, it would seem like they are acting to silence the majority. The general public needs to be made aware of how insecure the Internet really is, and how governments are seeking to gain a legal right to infringe upon their basic human rights to freedom of expression and press. There seems to be an accepted dogma by the public here that the online world is different and that their human rights are automatically guaranteed by the nation's law instead of being restricted in reality.

    Even my own high school, Sydney Technical High was planning student email access; a proposal to ban students using encryption to circumvent monitoring was considered. The majority of the students seemed unconcerned with this, except for a few others and myself as we saw this as a blatant attempt to impose the school's authority upon us while they were claiming legal responsibility over our moral wellbeing! The school told me that this email service was to be a "privilege and not a right" and thus if I was upset, I should use my own email. I was mainly concerned with those without access to encryption outside of school having their civil liberties breached. Luckily the school abandoned this scheme altogether after discovering free email services provided by services such as Hotmail. However, the mere fact that the school was willing to impose such draconian measures upon its students is a sad reflection of Australia's stance towards online civil liberties.

    I am dismayed when my friends exclaim that the CIA will never read my email, because I am not important, nor have I done anything wrong or have something to hide. I wish that they could see that if we don't start fighting for our rights online now, such as the right to uncensored access, encryption, and online self-security then a time will come when it will be too late for everyone to start voicing their opinions without fear from those seeking to impose their wills upon us.

    --
    -- "I can't tell the future, I just work there." -- The Doctor
  27. Old news. by www.sorehands.com · · Score: 2
    We have been talking about this here.

    She glossed over many of these issues.

    Maybe one day, people will understand the issues. Most people take the attitude, "if you weren't doing anything wrong, you would not have a problem." If you don't libel a company, they won't bother you. If you are not a hacker, then they won't kick down your door.

    Most people don't realize things affect them until they are dragged off to the concentration camps.

  28. Privacy is a personal issue... by krystal_blade · · Score: 2

    Anyone who believes that their privacy should be somehow magically protected on the internet is a fool. The internet was not designed for privacy, or anonymity. Hermitism, and disconnecting the telephone line from your PC pretty much guarantees these things. If you utilize a PC from work to do something, it's the WORK's PC. They have every right to monitor their equipment. Unless you demanded a "private email" clause in a contract you negotiated, don't expect one. The company has every right to check on what you do. (That's called management, folks.) Let the buyer beware, as the old adage goes.

    Now, for those of you that didn't get spontaneous aneurysms from what's written above, there are some things that can help you. First, encryption almost ALWAYS guarantees privacy, and security. While it may be a tedious way of doing things, when you're calling your boss a shit, you don't want to use the public address system, do you? In the old days, people used to talk bad about their manager on cigarette breaks, when their manager wasn't around. Today, they send emails on a system that can monitor them, then bitch about it when they get canned. Pathetic. Ignorance is not an excuse.

    On the personal surfing side, you have the ability to almost guarantee your anonymity. Pick an ISP that doesn't hand out personal info, and encrypts their billing procedures with decent encryption. Do some homework. When you're surfing, don't give up your name. Don't give up your address, and don't give up anything you don't want ANYBODY to know about you.

    The sad hard fact is that no one guaranteed your anonymity, or privacy on the internet. If they did, then they guaranteed THEIR own privacy policy. They never guaranteed against intercepts, and people stealing the information. And remember, that the more you push for privacy laws to be enacted, the more rights you, as a user, and a consumer will lose on the internet.

    krystal_blade

    --
    It will be easy to motivate our fellow man; there is hardly anything people treasure more than not being annihilated.
  29. National security isn't just a myth by Jon+Erikson · · Score: 2

    The trouble with this situation is that it isn't as cut and dried as people might think. Sure, you've got a right to privacy, but national security isn't just something made up by governments to impose Big Brother regimes on their citizens.

    Even now that the Cold War has finished there are any number of threats to people in every country that are dealt with by intelligence services all the time without people even realising it. And if these agencies cannot access information when it is required then they cannot do their jobs, and the chances of, say, a terrorist bomb attack go up dramatically.

    OTOH corporations should have no rights at all to spy on their employees in the ways that this article suggests. Unfortunately because the growth of net use in the workplace has occurred so quickly the law hasn't been able to keep up with all of the various aspects of privacy and rights.

    And whilst the corporations have such a pervasive influence on government, especially the case in the US, the issue is likely to be either sidelined or made even worse by pro-corporate legislation.



    ---
    Jon E. Erikson
    --

    Jon Erikson, IT guru

  30. You have more rights if you're careful by Agelmar · · Score: 2

    I must admit, it is frightening that at work, the admin could have installed a program on my computer that runs in the background as a service that records my every keystroke... but then again, if you're careful, you don't have to worry about it! Don't go downloading porn on the company computer, and you don't have to worry about it! Bring it in on a disk! :-) And as far as companies reading your email, well, if you're stupid enough to use your corporate email account for personal mail.... but if you use something like Hotmail, or your POP3 account from home, you've really nothing to worry about. And, if you are worried about people installing things on your comp, especially the admin, then (assuming you are using NT) log on and LOCK THE COMPUTER (ctrl alt del) and don't shut it off. The admin can unlock it, but you'll know if he did because he can't log on as you. A little bit of caution and common sense goes a long way towards protecting your privacy on the net.
    -Agelmar

  31. Doesn't anyone fact-check anymore? by TrebleJunkie · · Score: 3
    Sent to cnet.com this morning:

    • To whom it may concern:
    • In her article "Check Your Freedom at the Door", Sally McGrane writes:

      "Your Health Records Are Imperiled

      The ACLU is backing legislation introduced to the House and the Senate to guarantee that your medical records can't be accessed electronically. The ACLU says that, as of now, the U.S. has no coherent, consistent medical privacy policy, and that a nationwide law is necessitated by the advent of electronic records and national insurance companies. Among the breaches of privacy that the ACLU reports is a Maryland banker who accessed medical records of people diagnosed with cancer before deciding whether or not to give them loans. Also, a University of Illinois survey found that 35 percent of Fortune 500 companies check medical records before they hire or promote."

      I would suggest to Sally and her Editors that a little fact-checking is in order before publishing this scaremongering stuff, and painting a much bleaker, darker picture of the future than actually exists. Just because the ACLU says it's so, doesn't mean it is.

      HIPAA, the Health Insurance Portability Act, passed in (I believe 1996) and slated to go into effect later this year once the final regs are approved, will *majorly* impact how your medical records are stored, accessed, and maintained.

      Expected to cost the Health Care industry *many* times what it spent on Y2K, HIPAA mandates sweeping physical and electronic security measures, in addition to process changes, etc., to ensure your privacy, and the protection and accuracy of your medical record.

      For further information, I refer you to:

      hipaadvisory.com
      hipaalert.com

      Sites that I'm not in any way affiliated with. Working in the health care industry in information technology these days, it's something I'm very aware of, as are most doing MIS/IT in the health care world. CNET and Ms. McGrane would have done well to maybe ask at least *one* knowledgeable person before publishing this "report."

    --

    Ed R.Zahurak

    You know, oblivion keeps looking better every day.