Slashdot Mirror
UK Employers May Read Employees' Mail
Martin Spamer writes: "The BBC reports that today the UK introduces Controversial new regulations (RIP)
giving employers sweeping powers to monitor their workers' e-mails and Internet activity. Campaigners say the rules, under the new
Regulation of Investigatory Powers Act, are an assault on personal privacy." I guess I just don't see it. If I was gonna bad mouth my boss, I'd use my domain as the e-mail address, and PGP crypt the message. It's not so simple when you're using, say, a corporate laptop on your couch at home on a Saturday night tho.This bill was passed a while ago - but this is the day it takes effect.
...and make decrypting it a violation of the DMCA.
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
"Campaigners say the rules, under the new Regulation of Investigatory Powers Act, are an assault on personal privacy"
How is this an assault on PERSONAL PRIVACY? You are sending mail and surfing while on company time and you whine because your employer wants to see how you are using it's resources. If this were the government monitoring it's citizens I could understand, but not a company monitoring it's employees.
So I think it's okay to say whatever on your own time, but it seems like an *okay* step to take in work matters, as long as such a law is never evvvvvvver passed for normal home use/personal use.
Acting stupid isn't much fun when there's someone around who knows better
Being at work or using corporate equipment to do - whatever... is like being a guest behind enemy lines. Regardless of the company tells you, you're always under suspect and someone will always be watching you. As the poster mentioned, the only way to really be safe is to encrypt anything you have to say that the company might not like. Then again, can they ask you to decrypt whatever it is you send when they find the message?
I'm always amazed that people are surprised that an employer is reading their mail. Users need to realize that the computer they use at work belongs to their employer, as does the network, the internet connection, and the service to keep it running.
Given that, I've never been anywhere that just checked everyone's email. The person they check on has been doing other things that make the employer suspect something is up.
But be warned, there are plenty of applications out now that scan email for keywords whether it be naughty words or things that may be confidential to the company.
What on earth could you be sending to other employees while at work, that it would matter what you're sending? Anyone, who at this point, is not aware that email is not in the least bit secure, should get what they have coming to them. Personally, I hate it when other employees send crap they download from AOL, thinking they are witty or clever, and that I'd be interested in this droll humour. Chances are, I've probably already seen it anyway.
Has anyone ever noticed it's the technopeasants who send you this stuff (as if they discovered some untapped corner of the internet).
...employees of backbone service providers? If you send an email badmouthing your boss (you work at, say Sprint or MCI) and it travels through a Sprint or MCI portion of the backbone, even if you sent it from another provider, can they then still read your email, because you work for Sprint or MCI?
People who trash their employers via company email.
People who trash fellow employees via company email.
Executives who say damning things about their company behaviour around a live mic or in email.
How often this sort of thing finds its way public
I'm not surprised at how many dumb people there are int he world, just disappointed.
--
A feeling of having made the same mistake before: Deja Foobar
I personally avoid using work email for anything beyond work correspondence, and while certainly not draconian, I feel that it's a responsibility to my place of employment to minimize the use of email for personal business.
Now, if the rules extended to any email/activity from any account even outside of the company's control, then it becomes a free speech issue. (i.e. use hotmail or other web-based emails if you really want personal email at work).
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
> If I was gonna bad mouth my boss, I'd use my
> domain as the email address, and PGP crypt the
> message.
Not enough! The RIP requires you to hand over your private keys if asked to by the Home Secretary (or some designated by him, so realistically any policeman) or face imprisonment.
Frankly it amazes me that Jack Straw can't see the contradiction between passing legislation like the Human Rights Act on one hand, and the RIP act on the other.
Dear Jane
After having started on my new job today, I'm afraid I have some bad news to tell you. The work I am doing here is very challenging which might cause me to do some real overworking. The fact that the boss is a really nice guy obviously has something to do with this. I seriously suspect him to have been a sergeant-major at least in Her Majesty's service, as the charisma and leadership of this man is unrivaled by any previous employer I have worked for. It seems as though this is the place where I belong. The job I have been looking for all this time. I must stop now, as I feel it is inappropriate to take more than 10 minutes of breaktime a day.
Sincerely yours,
me
People replying to my sig annoy me. That's why I change it all the time.
The bottom line is that HMG doesn't get I.T. At all. It's sickening really; we have Smilin' Tony telling us we want to be at the forefront of the e-revolution, and then a sickening bunch of has-beans toadying along behind coming up with crap like the R.I.P. bill and this load of old tosh.
The extent of the problem was highlighted on the BBC Breakfast news when the self-styled e-minister Patricia Hewitt said that although yes, the Government was allowing employer snooping, it was only for "reasonable" uses. To paraphrase the good lady "Employers shouldn't pry. We trust them not to go looking at messages that are private". e-minister *blech*. Bet she wouldn't know a website from a kick in the teeth, let alone exactly what barrel of worms she's just opened. "reasonable use only".... nice. Let's see someone get a legal definition of that one; it'd be like nailing jelly to the wall.
What's worse is that Her Majesty's Opposition is just as technically inept, if not more so. I don't mind so much the boneheadedness (hey; I'd make a crap politician so why should they make good geeks?), but I am fed up to the back teeth with smiling baby-kissers telling me all about how great the technology is and how they know *just* how it needs regulating.... Oh, and then hold 1 week unannounced "review" periods for public consultation, then trumpet their spawns-of-satan legislation as "widely approved of by industry and public".
The thought of actually going out and *asking* people what legislation they need (other than the police, of course, who have predictable knee-jerk reactions hence RIP), and *listening* to them instead of patronisingly telling them what they want could never occur to this bunch of rabid style-over-substance image-is-everything inept sheep. I mean... not towing the party line? showing evidence of independent thought? not being "On-message"? Heaven forbid.
TOh dear did I really type that load of tripe? Ah well, it's off my chest now. Just scroll down a bit will you? There is nothing to see here. I'm going to go and lie down with a cold towel and maybe lay off the coffee for a bit.
--
I'd rather have a bottle in front of me than a frontal lobotomy
> ..and make decrypting it a violation of the DMCA
Content-Type: exttay/yptocray; arsetchay="us-ascii"
Hi Sue. How's work today. Mine's a real itchbay, so I'm idinghay down at Jim's office, and just kind of uckigfay off instead of trying to fight the ullshitbay that it takes to get anything done around here. My new boss is a a real oronmay, and I'm "this close" to telling him to isskay my ass. I'm going to brush up on my resume tonight, and get the hell out of this itholeshay.
How 'bout an afternoon quickie? I was going to eaksnay out early today anyway.
Sheesh, evil *and* a jerk. -- Jade
Irrellevant. It's UK. The RIP bill actually specifies that taking measures to intervene with decryption for monitoring purposes is a crime. If you are asked for your keys you must hand them off.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
If you are porviding business mail hosting as some UK ISPs do you must brace yourselves to be ready to order such service. In both technical and moral terms. The employer is entitled to read the business mail of its employees. This is valid only for hosted business email though. Not for personal.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
Except if they were monitoring corporate traffic. Then it wouldn't matter whose domain you were using.
Encryption? Just use traffic analysis ("Hmm... it appears Rob is sending email through his own domain, instead of the company's domain. Why?")
- I don't care if they globalize against free speech. All my best free thoughts are done in my head.
> Content-Type: exttay/yptocray; arsetchay="us-ascii"
> How 'bout an afternoon quickie? I was going to eaksnay out early today anyway.
Well, my usbandhay, whom you refer to as your oronicmay ossbay, is taking the afternoon off, so we can't oitday here this time. How 'bout if I just come to the office, and we'll give the old oomclosetbray a try?
Sheesh, evil *and* a jerk. -- Jade
Minor correction.
You do not walk out of the door. If you do, they can sue you for misconduct and than you should give the key to the police which will lawfully request it as a part of the investigation. If you refuse to do so it is 2 years in jail.
That is what RIP is all about.
Clockwork Orange and 1984 all the way.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
Why aren't these people being judged on their productivity? You pay them X dollars (or pounds, in this case). They produce results worth Y. If Y is greater than X, they are an asset. If Y is less than X they should be fired. (Alternatively, you could say "Your Y is less than X, we will have to fire you if this doesn't change in 3 month" and let the employee decide whether to bump up the ol' productivity).
(Don't bother bringing up "porn == sexual harassment" because that is orthogonal to tracking and mail-opening)
Now, I realize that tracking an employee's worth in actual dollar figures can be difficult, but any manager worth a damn knows if she is getting bang for the buck out of her employees. Telling an employee that he should spend his 15 minute coffee breaks in the break room reading a book as opposed to emailing his wife to complain about his cow-orkers is just micro-management.
--
An abstained vote is a vote for Bush and Gore.
Non-meta-modded "Overrated" mods are killing Slashdot
(Hey Ryan! Here's your proof!)
My bosses won't be monitoring my mail - they wouldn't know how. They are all too stup...
£^(*&%%$£&*^^ - Carrier lost...
If you moderate me down I shall become more powerful than you can possibly imagine.
If I receive a personal phone call from my girlfriend, is it fair they listen? Is it fair they inform my wife, if she works in the same company? Or if not? When I take a break and use the corporation toilet, is it fair they videotape everything? Run chemical tests on the urine I pass there to monitor my stress levels? To monitor drug abuse? To screen for markers of inherited diseases or tendencies? If one day they get this mind-reading machine, is it fair to read my mind to detect if I am about to leave? about to be unhappy with the company? think private thoughts on "company time"?
In Murphy We Turst
Unless the company is registered with the Data Protection Registrar
AND the employee specifically authorises the company to store their personal data on the monitoring computers
AND the employee specifically authorises the use of that data for monitoring purposes
AND the employee has full rights to know WHAT is stored, at ANY time
AND the employee has full rights to ammend or correct data that is stored, at ANY time
they would be breaking the law to monitor their employees e-mail. I'm not exactly keen on the idea that employers have the right to snoop on employees - whistle-blowers need protection more than corporate executives - but provided the DPA is given sharper teeth to tackle abuse, I think that this might not be such a terrible thing.
(It's only an invasion of privacy if the DPA is essentially rendered worthless for this. You always need checks and balances, and the DPA is the only check your average Joe Bloggs has, right now, to handle computer misuse by corporations.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
One for business- open to your bosses;
One for personal.
What then if you read your personal account
on a work computer?
<I believe e-mail and internet usage can be monitored by US employers, but only if they notify the employees that montoring is taking place.>
No. Numerous court cases have said the employer has a defacto right to intercept all communications- letters, email, telephone- that use company resources- address, time, facilities.
However, in this tight labor market it is stupid for an employer not ot be upfront about it,
because people do quit when they find out.
This law doesn't need to be passed in the US. US employers pretty much already have this right. In fact, the law in the United States seems to support business in depriving you of what would otherwise be your civil rights. Some employers already engage in search and seizure of actual persons and personal belongings. Many employers require that you submit body fluids for testing. Video surveillance of employees is rampant (and is often done covertly, just as much as video surveillance of customers is done-- in fact, monitoring one often makes it trivial to monitor the other). Employees seem to be able to deprive you of your ability to sue the company by requiring "mediation" for all disputes. They frequently deprive employees and contractors of their ability to build a career through dead-ending tactics like non-compete clasuses.
I fully recognize that civil rights are about government and not business, in fact that's what I'm complaining about (such a myopic view of rights in modern society), so please, no flames about the semantics!
I do not have a signature
I am married and I communicate through email with my wife.
We happen to exchange, say, 3 or 4 mails during the day. which is not that much.
We consider it private and would be quite pissed off if anybody decided to monitor our conversations, even though they remain "soft" because I am here at work and not prepairing tonight festivities.
I admit English accept this rule, because they're so.
But I take this story as a warning not to accept my next job in England because if I am considered as brilliant by my colleagues, I also admit I use the corporate network to coimmunicate a bit while working. It is necessary for me to swap between tasks.
I then should be considered as somebody who's working habits are shocking ?
what about my work, what I am here for ???
If this law was about to pass in a Latin country (France, Italy... even here, in Switzerland) most people would refuse it because I am far from alone in this case.
--
Trolling using another account since 2005.
Why, how can you possibly not understand this. The computer is theree, therefore I'm entitled to privacy. In fact, I'm entitled to have my employer provide a computer to use for my personal matters during working hours. Not having one just isn't *fair*.
Furthermore, my employer has absolutely no right to question what I do with its property that it provides me. It's not like it has any right to control the use, nor that it amy get sued for my use of company property.
Why do they think I'm here? to do stuff for *them*???
Furthermore, I demand full privacy screens to protect me from them
monitoring me . . .
*********
Given that the employer has absolutely no obligation to allow personal use, there's no privacy issue. Personal use is only permitted on these terms. Don't like them?--demand your money back.
hawk, esq.
After reading some of the posts.. here's a thought.
Someone brought up the point about personal snail-mail at work. Your employer does not have the right to open your mail, so why should they open your email? Well.. here's why, although a bit abstract.
There is, due to long-standing law, as well as the fact that something is in a sealed envelope, a reasonable expectation of privacy when you send mail in the post office. (Recall, if you sendt a post card, with no envelope, there is NO expectation of privacy; anyone can legally read it.)
The internet at-large is basically a *public* network. Yes, it's 'public' in a different sense than we usually use, but the fact that you have no real contorl of where your data goes after it leaves whatever you DO control.... that makes it public. THat, coupled by the fact that you don't know the policies of every network your message will pass through. Sending unencrypted mail ils as good as sending a bloody postcard! Yes, you can be reasonably sure the whole world cant' read it, but anyone who happens upon it legally CAN (the postman, your boss, the guy in the mailroom). This equates to things like: The IT staff, your boss, etc...).
Think about it.
If your boss wanted, he could say 'I want to see ALL snailmail coming into the building. Now.. he *CAN*, I believe, do this. He cannot make you open your mail, but he can see the volume/where the stuff came from. After all, the mail was addressed TO HIS BUSINESS.
Use encryption. Seriously. Otherwise, it's like complaining about people using scanners on your cellphone calls (well, the US *DID* legislate against that, funny enough> Canada didn't.). Canada said 'well.. it's going with standard modulation over public airwaves... what did you expect? No expectation of privacy'. Of course, if it was *encrypted*, there is an expectation of privacy, and a scanner that could decrypt it may be illegal.
I used to be a sysop of a WWIV board and I would read user's mail all the time. My system, my phone line, mine mine mine. Same situation applies here.
:)
//MAILR is good clean fun.
BilldaCat
Is there anyone else who really doesn't give a hoot about email monitoring? If your company respects you, they're not going to be a snit about personal use of email and web surfing, unless of course, you're obnoxious about it. If your company acts like the Gestapo, well, find yourself a new employer. It is the company's resources, after all. And if you're divulging secrets or bad-mouthing other employees, well duh! you moron, of course you're going to get smacked.
I myself keep job inquiries in my inbox, just as a warning to any snoopers: mess with me, and I can walk in a heartbeat.
What too many people seem to forget though is the imbalance of power in this situation. Your email is suspectible to snooping by upper managment, but how many of you have the oppurtinity to snoop on their personal doings at work? And before all your submissive lap-dogs whine about "it's not your job to know what they're doing", remember that a great many wokers in the tech sector are stockholders in the companies for which they work. I have just as much desire to see the company succeed as the suit with the inflated salary, and I have a right to know that he isn't wasting my money.
But alas, that's the corporate republic for you. It's feudalism, not democracy.
--
Agreed, sort of. It's long been traditional since I grew up reading unix sysadmin books by O'Reilly that employers should be able to track stuff, certainly in the case of abuses of the system.
.|` Clouds cross the black moonlight,
Where all the modern fad of calling it a breach of privacy has come from, I dunno.
How much mileage is there in the view that "freedom of speech is fine, but abuse it and lose it"?
~Tim
--
~Tim
--
Rushing on down to the circle of the turn
They are using our bandwidth to send personal mail--so we should be allowed to read it!
They are using our phone system to make personal calls--so we should be allowed to listen in!
They are using our parking lot to park their cars--so we should be allowed to search them!
They are using our plumbing to take personal dumps--so we should be allowed to watch!
They are using our lighting to illuminate personal activities--so we should be allowed to monitor!
They are using our air molecules to vibrate with personal spoken messages--so we should be allowed to eavesdrop!
All of these things are "environmental". Presumably there is value to the company to provide them to all employees. If an individual employee is being unproductive, fire him. There's no need to read his mail, search his car or test him for drugs. If the mail system (or parking lot) as a whole is costing more than it provides, de-install it. There's no need to read everyone's mail or search everyone's cars.
Remember during the Olympics and how everyone squawked about how the FBI was reading the email from the kiosks? But the kiosks belong to some company or government--can't they do what they want? I'm using my ISP's bandwidth, does that mean they can cc all my mail to the FBI? No, dammit!
--
An abstained vote is a vote for Bush and Gore.
Non-meta-modded "Overrated" mods are killing Slashdot
(Hey Ryan! Here's your proof!)
In the USA, land of the free, home of the brave, the constitution, etc...employers have the right to scan all the transmissions on the wire, read your emails, whatever.
Just thought you'd like to know.
The last place I worked didn't delete ex-employees mail accounts, preferring to harvest and read what people sent them months/years after the employee left.
Treatment, not tyranny. End the drug war and free our American POWs.
See my user info for links.
So what sort of bosses like to see what their underlings are up to. Do they themselves believe they should be monitored also?
A while ago our head salesman logged on to check his shares, only to find a porno site had taken its place (temporarily). Those photos were in his cache whether he liked it or not, and our proxy logged the accesses. As it happened we were working in a small office and we all had a good laugh about it.
How would things be in a larger organisation where the monitor may be unable to see (or appreciate) the context? Would it matter if our head salesman was a junior instead?
-- Hob - Java Spectrum Emulator
There are things I do not understand.
If I want to say that my boss is a stupid idiot, can't I do that?
If I say that he'll kill me or that I'll kill him for the extra work he is giving me, I'm NOT saying that I or he will died. This is just a way of expressing my frustration.
Such comments are not intended to hurt the feeling of my boss. They are not even directed against my boss. They are expression (=release) of something that I had into me.
Anyway, this is a private conversation between me and someone else and should not be taken out of context.
I beleive I am the right to say what I want if I do not offend publicly someone, if I do not offend the person receiving the email.
Lawyers may say that this is not how things work, but I do not care what lawyers can say.
They should think a bit and realize that there are many more ways to hurt and insult people in a civilized and educated way! People that really want to hurt someone else would use this subtle lawyer-proof way and not a more direct one.
At one workplace, where I was a union representative, there was an issue where someone was being victimised by their immediate supervisor. The HR department were quite enlightened, and were pleased to have evidecne that said boss was responsible for the alarming rate of resignations. It was a large site with open-plan offices. Private phone calls to HR were impractical. Note, all parties concerned were workers at the same organisation.
In general, a private channel is often very helpful in intra-organisational disputes.
Stephen
Lose 2 marks for bad reporting again, somewhere along the line.
This bill does not specifically give UK employers more access in terms of monitoring their staffs email.
This bill gives the UK government + police services, access to monitor *ANYBODYS* email, for any reason, even if you are not under suspicion of having committed a crime. It's not even email either - they can demand the ISP feed traffic in general their way.
If it was just work mails I wouldn't really care - it's their bandwidth, but the fact is that the RIP bill is in fact there purely to give the authorities unprecedented power to intercept the communications of the general populace, to demand their decryption keys (or face prison), and other such lovely fluffy things. It's big brother, approved by a government with no clue whatsoever.
If anyone offers me a job in the US, I'll move..
--
ALL YOUR BASE ARE BELONG TO US!
>I guess I just don't see it. If I was gonna bad
>mouth my boss, I'd use my domain as the e-mail
>address, and PGP crypt the message.
PGP encrypting it would do you no good, RIP gives the government powers to demand that you hand over your encryption key(s). And if you don't comply, or you've lost the key, or something? 2 years in the slammer.
There's an interesting article about RIP and what people can do to avoid it at http://www.fipr.org/rip/RIPcountermeasures.htm
Some of the spy programs operate at tail end of transmission- that is, dump your screen perdiodically, say every 30 seconds. Private accounts and encryption would fail here. This spying is popular inside the home, but may be unwieldy in a company.
They always have been.
Send some plain test mail with certain kinds of threats in them and you'll be hearing from somebody. This trivial to do in the current internet.
How would you feel if laws were passed allowing you boss to plant hidden microphoens and cameras in your office? Its really not very different.
Well, if reading your employee's mail is OK I guess this means that all Brittish Citizens, who together employ every Member of Parliment, have the right to read the email of their employees. Not sure the best way to read the email of any given MP, sniffers? Carnivore? Any ideas?
...but your email can and will. Your post is hardly a refutation. The point being made is that misusing company resources is wrong; not that you have no right to privacy at work. What you say is completely irrelevent.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
In most circumstances, your privacy will be safe due to the ineptitude of your cow-orkers. Even if your network administrator is an uber-geek, just find out what he uses to secure his email.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
Every account on the LAN had a blank password, which we were not allowed to change. The purpose of this was to allow the boss access to any email account when he pleased. Security on the network just didn't exist.
What was really annoying was that this was an isolated office network. Email access to the outside world was via a separate PC, situated next to the boss. If we needed to access a web-sire or news for support work purposes we had to do it from home.
Whilst I worked there one collegue had some personal mail delivered c/o the office, as he didn't have a permament address in the area. The boss opened this private mail and read it. I should have walked out then - I was already pissed off by the fact that I'd been standing outside in the rain for 45 minutes, waiting for the boss to turn up to open the place.
I only worked there for 2 days (I'd have not come back from lunch on the second day if I hadn't left some possessions in my desk). It was the work place I'd ever worked at.
> I think this fad comes from the entitlement :)
.|` Clouds cross the black moonlight,
> thinking that people can do whatever they want
> whenever they want and misusing company
> equipment or embezzling time are not
> considerations.
Agreed. I think "freedom of speech" needs to be justified rather than pulled out of the hat every time something goes slightly wrong.
People will want entertainment. Entertainment is not hacking. Entertainment is a zero-quality plain waste of time, IMNSHO.
~Tim
--
~Tim
--
Rushing on down to the circle of the turn