Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bill Bans Secret Workplace Snooping

Posted by michael on from the Carnivore dept.

jyuter writes "According to this ZDNET article, congress is considering a bill which requires companies to disclose their practices regarding reading employees' e-mails. What puzzles me is this quote from Charles Schumer D-NY, "We would never stand for it if an employer steamed open an employee's mail, read it and put it back. It is the same thing with an employee's e-mail." So it's ok then for employers to steam open employees's mail and give it back to them, provided they tell the employees of this policy beforehand." This would be a very modest proposal indeed - one tiny step for privacy, one giant leap for, well, nothing. Maybe I should be less cynical. Nah.

9 of 18 comments (clear)

  1. It's ok(?) to do this... by don_carnage · · Score: 2

    I think it's OK for employers to read incomming/outgoing email. gasp

    First off, they are providing the service to aid their business -- not for your own personal pleasure. If you are conducting business as usual...then what do you have to hide? Internally, a company should not be so paranoid as to keep things from itself.

    Second, if you are giving away trade-secrets or perhaps mailing your resume to competitors, I think they have every right to know about it.

    So what's the different between reading email and scanning proxy logs? Or even drug testing or checking your bag/suitcase at the door?

    Don't think flame...think company protection
    --

    --
    Wooden armaments to battle your imaginary foes!
  2. Letter Vs postcard by goldmeer · · Score: 3
    I'm getting tired of everyone assuming incorrectly that they have an expectation of privacy regarding regular email.

    As I explain it to anyone that will listen:

    If you send a postcard in the regular mail, anyone that touches the card can easily read the message that you have written. You have no expectation of privacy.

    If you send a letter sealed in an envelope, then those that handle the letter cannot easily read the message written on the paper within. You have a reasonable expectation of privacy that came from sealing the envelope.

    Email is a postcard, not a letter. There is nothing on the standard mail message that is sealing it from the eyes of anyone that touches the mail message. The text and any attachments are in the clear for anyone that has access and cares to look to read your message.

    The answer is encryption.
    Once you encrypt a message, you are sealing the envelope. You then have an expectation of privacy, the better the encryption, the better the expectation of privacy.

    You see, companies reading mail is not at all like steaming open letters, because unencrypted mail is not like a letter. Companies reading email is much more like reading the postcards that you get in interoffice mail.

    What's that, you say, you don't send postcards in the interoffice mail? Sure you do, every time you click SEND in your email program.

    Joe Goldmeer

  3. We are talking about *on-site* email, right?! by coyote-san · · Score: 2

    After the recent NW Airlines fiasco (where a union activitist's *personal* computer was seized and searched), I have to ask...

    We are talking about employee's on-site, business provided email accounts, right? This isn't a backdoor that allows companies to demand access to an employee's personal accounts, right?!

    The CNet article suggests that, but knowing how many truly braindead laws Congress has passed recently (electronic signatures, anyone?), the question needs to be asked.

    For the record, I have publicly defended monitored e-mail on several occasions - and supported harsh actions against employees who insist on encrypting their personal email - because of those damn harassment suits. But that is a problem that applies to all of society.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
  4. What's the problem? by Stephen · · Score: 2
    So it's ok then for employers to steam open employees's mail and give it back to them, provided they tell the employees of this policy beforehand.
    You have a problem with this? If you want to send me private mail, send it to my home address.
    --
    11.00100100001111110110101010001000100001011010001 1000010001101001100010011
  5. Missing the point ! by Anonymous Coward · · Score: 2

    I am becoming increasingly frustrated with those that believe they have any right to computer related privacy in the work place. While the computer you use at home and at work may be similar there is a major fundamental difference. Your work computer is a business tool just as is the desk it's on top of and the chair you sit in. It's not there for your enjoyment and its not their for personal use. The computers and networks are there so that the business can function and based on that, not only do I believe they have the right, but any business that does not keep an eye on their networks is in danger of paying for non productive employees. I am a net admin for a small company. In my 2nd week of employment I began looking at logs and emails and it was through looking at the emails that I discovered that 1 individual (along with a few others) in particular was spending at least 2 hours a day on the net hitting all kinds of sites, porn included. This was a highly paid individual...you do the math. How much was the company paying this guy to surf and send porn using company email ? Plain and simple the computers and networks you use at work are business tools and should be used for business related purposes and SHOULD be monitored to ensure such use.

    1. Re:Missing the point ! by Detritus · · Score: 2
      In my 2nd week of employment I began looking at logs and emails and it was through looking at the emails that I discovered that 1 individual (along with a few others) in particular was spending at least 2 hours a day on the net hitting all kinds of sites, porn included.

      What the fsck were you doing looking through people's emails? Being a network administrator is not a license to indulge one's voyeuristic tendencies. Just because you have the technical means to do something doesn't mean that it is moral or legal.

      --
      Mea navis aericumbens anguillis abundat
  6. Re:It's ok(?) to do this...you are on crack by Proteus · · Score: 2
    Do you think everything out this thoroughly? They provide a phone on the desk too. Does that mean that you can only use it for company business and that they have the right to record all of your phone conversations? I guess they can listen in when you call the doctor, or the Workman's compensation claim division, or any number of things.

    Actually, if a company has a policy of "no personal calls", they can monitor conversations based on suspicion of violations of policy. You'd be surprised!

    Besides, it is not unreasonable for a company to say up front that an personal phone calls, e-mails, etc. should not be taken care of using company resources (including company time), and that as a condition of employment you accept that they will check up on you if they suspect this activity.

    You want personal e-mail? Get your own account!

    --

    --
    We may not imagine how our lives could be more frustrating and complex—but Congress can. – Cullen Hightower
  7. I disagree by SEAL · · Score: 2
    The better analogy would be this:

    You send an email and your company's admin snoops it via logs or whatever is roughly equivalent to the following scenario:

    You put a postcard in the mail. It goes to the post office, where it gets photocopied and archived. Then it is forwarded on to it's proper destination. Sometime in the future, the post office can look at the photocopy, supply it to courts, your ex-wife, or your dog.

    If that sort of thing were happening to postcards, people would have a fit. Just keep in mind, while email may be easily readable like a postcard, it is much more easily archived than a postcard. And it's archived very frequently. Furthermore, it is easy to compile data on who is sending what, and to whom.

    Yes encryption is one solution. But I still believe that the laws should require equal treatment of email versus snail mail, at least for personal email. Businesses should at the very least require employees to waive their email privacy before snooping on them. I don't really have a problem with that, since sending email from work is associating yourself with the company. They should get to control what leaves their servers, or at the very least, email heading to external addresses.

    Best regards,

    SEAL

  8. This won't make a big difference by sandler · · Score: 4
    I think this is an excellent bill, as people should at least be aware of what's happening. I'd much rather have an exposed camera in an elevator than a hidden one.

    But, keep in mind that this only means that they have to tell you what they can or may do. It doesn't mean that every time they read one of your emails, they have to tell you that they did so. My company was straightforward in saying that they can and do read emails, web logs, etc. But I think most people operate as if they probably won't read everything.

    I think this is a step in the right direction, but I bet even after being notified of the company policy, an employee would still be shocked/upset if an HR rep dragged out an email and grilled him on it.