Federal Judges Take a Stance Against Workplace Monitoring

parvati writes: "The NYTimes is reporting that federal judges on the US Court of Appeals for the Ninth Circuit (the largest of the 12 regional circuit courts) disabled software on their office computers that monitored downloading of music, streaming video, and pornography--software that had been installed by the Washington-based Administrative Office of the Courts after a survey showed that 3-7% of the judicial computer traffic included streaming video and the like. The judges say that they are concerned about "the propriety and even the legality of monitoring Internet usage." The AOC is not pleased."

Re:We needed these guys for the Microsoft trial...

[mystery_bowler]

Not to seem argumentative (because for the most part, I agree with you), but you don't need technical savvy to understand privacy violations. Your average human being understands what it means to have your every move watched. Your average human being (at least, the ones who were raised in the United States) also have a problem with being needlessly watched. Even with all the grief we tend to give federal judges, they are people as well and I'm sure they want the same basic rights as any one else, privacy being one of them. This stuff is just common sense. Understanding what the caveats are in an anti-trust case when you've got lawyers and experts throwing legal and technobabble at you...now that takes a special kind of judge.

Re:our best defense

[dirk]

This is probably a small victory in the direction of workspace liberties, but is it a correct one?

I work for a consulting firm that does a great deal of work for the government. If I'm surfing porn or whatever during their time, then that's not a legitimate use.

Mass downloading on the other hand is something else entirely. As I type, I have slackware 8.0 downloading and I regularly listen to streaming radio feeds while I'm doing my work. Those are the uses that I think are the most important. IMHO, It's no different from having the radio on or listening to a cd.

Except you are using some of their finite amount of resources to do this. Listening to the radio takes no resources (except for the tiny amount of electricity, which they give you permission to use by saying you can listen to the radio). Downloading Slackware and listening to streaming audio uses a piece of their bandwidth.

I work at a company that only has a partial T-1 (768 kb/s). If we had people downloading Slackware and listening to streaming audio, it could potentially impact our bandwidth for legitimate work related activity. Should we be able to monitor and make sure people aren't using our (limited) resources for things they shouldn't and thereby negatively affecting the productivity of others? Of course we should, so how is this any different? If you are continually on the phoen making personal calls, you can be disiplined (they can't monitor the content of your calls, but they can monitor how much you use the phone). That is because it is a limited resources (there are only so many lines) and if you are using then for non-business related activities, you could impact people trying to use then for business.

Ack!

[The+Abominous+Salad]

As a former manager of a staff of phone support techs, this doesn't sound good. Privacy doesn't (or shouldn't) apply in cases where you're using company products to conduct company business. You're there to work, and they have every right to see what you're doing when you're doing it.

I know that monitoring software (via software pretty similar to VNC but neither beer-nor-speech free) helped us get rid of a few folks who were surfing porn, netsexing, and even downloading 1337 h@><0r utilities. I think once we even stopped a rep from verbally abusing a customer via a trouble ticket response because we caught him typing the message. Without these tools, they would have just minimized the windows and the company would have been open to liability. Now, if this precedent applies to all monitoring of workstations, companies are far less able to enforce their employees' behavior, for which the employer is accountable. In short, bunk.

Re:Missing the Point

[peccary]

Well, if they notify you upon receipt of employment

Except that NOBODY notifies employees of policy concurrently with the offer. The policy notification only happens *after* you have started the new job, when they have you over a barrel. And they change policies freely during your employment, leaving you no choice but to accept or walk out. This is a significant power differential, and it suggests that these are not "contracts freely entered into", but that there is some measure of coercion involved.

For further proof, imagine asking for a copy of the employee handbook in an interview. Do you think you'll get that offer? I'll bet it wouldn't help your chances. That says volumes about the coercive nature of this so-called "contract".

Re:our best defense

[rosewood]

Ah but you are using THEIR bandwidth and THEIR time (THEY are PAYING you to be there to do whatever it is you do - NOT to download ISOs and not to listen to music. If your boss says okay - then its okay. If you did not ask or especially if he or 'someone in corporate' said no - then youre not suposed to do it - EVEN IF *YOU* THINK IT IS OKAY Im starting to see a weird patern in /.'s that just do what they think is right - IE writing an anti code red worm that nukes the partition 'because if they didnt patch it - they deserve it'.

This is odd...

[Lxy]

"the days before the software was disabled, there were hundreds of attempts at intrusion into the judiciary's network from places like China and Iran. "

How does Monitoring Software == firewall software all of a sudden? Please don't tell me that their monitoring software is also a "personal firewall" package. If they're relying on firewalling at the workstation level then all of my faith in the judicial system is lost. "We didn't have the staff to support a redundant SOHO system so we ordered up a few copies of Norton's Personal Firewall". Oh, the humanity!

Sensationalism

[Wind_Walker]

These judges didn't "take a stand" against "workplace monitoring", Michael. These judges wanted to download MP3s, view porn, and watch videos. That does NOT mean that they disagree with monitoring, they just wanted to get around it.

Don't try to make this out to be more than it really is. This is just a bunch of co-workers using their own smarts to get around the IT department.

Re:Sensationalism

[mikethegeek]

"Don't try to make this out to be more than it really is. This is just a bunch of co-workers using their own smarts to get around the IT department"

Everywhere I've worked, I've BEEN in the IT department, and we are the first ones to by-pass any blocks/filters for ourselves. After all, we're responsible for maintaining them...

This also as DMCA implications. The DMCA would seem to create an open season on placing bugs in software that monitors browsing, collects information, etc, and "phones home", yet disabling this or even breaking into the code to find out WHAT it's doing would be a DMCA violation.

I guarantee soon monitoring software will be appearing in closed-source programs, like games, etc before long, when the Doubleclicks of the world start spreading the $$$ around. And it'd be nice to have judges who are aware of the implications.

There are two ways of monitoring.

[Saggi]

Good: You can use systems that anonymously monitor the use of the Internet in a department. This is interesting, as it would allow detecting possible "problems". If the survey showed that X % downloaded porn when they worked, the department would be able to raise the issue and start setting focus on the problem (if it is considered a problem).

Bad: On the other hand, monitoring personal information would target everyone, and would force any worker in the department to become paranoid. This would lead the way to do personal manhunts, and would be a very bad thing.

Not gain!

[garoush]

We keep talking about monitoring at the workplace -- I am all for *if* it is aimed at:
a) making sure that nothing "outside the law" is taking place
b) making sure that its not being over done by utilizing company and work bandwidth.

HOWEVER, what I don't see being studied and reported on is, if letting employee surf at work is adding value to their productivity and therefore to the company. For example, it is a fact that listening to music (via radio, et. al.) is a way to improve ones productivity. Doesn't surfing improve productivity as a way of taking break, et. al.?

Can we for once get some study done on this "monitoring" stuff from a positive angle please?

What's sad...

[Xaje]

is that the higher-ups only begin to question the legality/ethics of software monitoring when it happens to them directly.

Although I'm not a big fan of workplace monitoring, this instance smacks of that guy whose neighbor told him about the how p2p likes to find kids, give them pr0n and take their bikes.

In a perfect world, the folks in D.C. would listen to the concerns of those of us who are bugged by privacy intrusions when they first start. I guess I'm not really one to complain, since I've never written a letter to my congressdude.

Maybe we should start writing. That way we'll be justified in complaining when congressmen/judges only care about things affecting them directly, or when they hear it from their neighbor's kid's cat.

Oh leave the employers alone...

[volkris]

It's their computer equipment, their buildings, their officespaces... let them do with their property what they want. Let them monitor all they want.

I don't want anyone telling me what I can do with my computer, so if I want to monitor my computer I will. Same with the employers: if they want to
monitor their computers they should be able to.

I consider it a huge inconsistancy in nerd viewpoints that they want freedom for themselves (let me put whatever OS I want on my computer!) but not for some other groups (don't you DARE monitor what goes on on your computer while your employee is using it!).

If you don't want to be monitored, don't work there. It's that simple.

And then there's the solution that the employees can always insist that the executives of the company are monitored too and everyones' records are made available to both employees and stockholders. After all, I'm sure the stockholders will go for any proposal that would increase productivity from the executives too.

The key is to leave the decision to monitor or not to the company itself, and not the government.

Who are they trying to kid - FUD

[andreass]

In the article, Mr Mecham, who is the it person, stated:

'After the shutdown, Mr. Mecham complained in a memorandum that disconnecting the software was irresponsible and might have resulted in security breaches, allowing unauthorized outsiders access to the judiciary's internal confidential computer network. "The weeklong shutdown put the entire judiciary's data communication network at risk," he wrote on June 15.'

This it total FUD! How can a monitoring program on a judges workstation have ANY effect on the integrity of the firewall. I don't know of any firewall that requires client programs on end users workstations to be active in order to maintain protection.

Re:Sensationalism (Please RTFA!!)

[pq]

These judges didn't "take a stand" against "workplace monitoring", Michael. These judges wanted to download MP3s, view porn, and watch videos.

If you'd bothered to read the fascinating article, you'd have seen that the NYT explicitly says: "There is no evidence that any alleged abuse involves judges." Just so you know.

And in fact, the issues they are worried about are :

• Judge Alex Kozinski, a member of the Ninth Circuit appeals court, [argues] that the monitoring was a violation of anti- wiretap statute.
• "Aside from my view that this may be a felony, it is something that we as federal judges have jurisdiction to consider. We have to pass on this very kind of conduct in the private sphere."
• "In fact, the issues of what is permissible by employers have produced a patchwork of legal rulings and the matter has never been addressed directly by the Supreme Court."

That's what they are worried about. And as for using their tech smarts: they just ordered their sysadmin to disable monitoring software. Try reading the article, mmmkay?

1984 is dead long live 1984

[GrumpyOldManager]

After reading this I was reminded of the computer forensics "How-To" article in Computer World 7/9/01, http://www.computerworld.com/community/security/se curity_manager/0,,NAV65-663_STO61959,00.html . In which a company visits the desktop machine late at night and copies the hard drive for later study. Thinking about it even more it seems like you could just backup the client hard drives each night then scan the "data" for interesting items. To completely automate the system you could just e-mail HR the violation information for appropriate action. "Please fire so-and-so, they visited web site such-and-such from a company machine, twice today!"

I've found over the years that there is often a correlation between an employee's time spent inappropriately browsing the WWW and job performance. My personal policy has always been to trust employees and reward good job performance.

In the rare case that an employee breaks the laws of the land we've been able to retroactively piece together the evidence needed by the police from logs and backup tapes. May not be as proactive as real time monitoring but it seems to be just as effective.

As for security threats. There are lots of ways to prevent viruses and system compromises that don't involve monitoring what client users are browsing on the internet.

I think if management came to me and asked that we monitor computer usage by employees I'd suggest that we find new supervisors who are more in touch with the day to day activities of their charges.

Which reminds me, do you monitor your children's internet activities? I personally just put the computer in a public place in the house (like the kitchen) and make a point of walking by it every once and a while.