Slashdot Mirror
Federal Judges Take a Stance Against Workplace Monitoring
parvati writes: "The NYTimes is reporting that federal judges on the US Court of Appeals for the Ninth Circuit (the largest of the 12 regional circuit courts) disabled software on their office computers that monitored downloading of music, streaming video, and pornography--software that had been installed by the Washington-based Administrative Office of the Courts after a survey showed that 3-7% of the judicial computer traffic included streaming video and the like. The judges say that they are concerned about "the propriety and even the legality of monitoring Internet usage." The AOC is not pleased."
Not to seem argumentative (because for the most part, I agree with you), but you don't need technical savvy to understand privacy violations. Your average human being understands what it means to have your every move watched. Your average human being (at least, the ones who were raised in the United States) also have a problem with being needlessly watched. Even with all the grief we tend to give federal judges, they are people as well and I'm sure they want the same basic rights as any one else, privacy being one of them. This stuff is just common sense. Understanding what the caveats are in an anti-trust case when you've got lawyers and experts throwing legal and technobabble at you...now that takes a special kind of judge.
My sigs always suck.
The number is actually far less than one percent. For well over ninety-nine percent of all cases, the Federal Appellate Courts are as far as it goes.
My workplace uses blocking software. In conjunction with an investigation, a supervisor request or normal network maintenance, we occassionally monitor Internet (primarily WWW) usage. Each time we can't a half dozen folks who are then reprimanded or fired.
Our CEO's feeling is that we should not have to tell our employees that using a company provided PC and Internet bandwidth during the workday to surf porn it not OK. With the last few rounds of discipline however, we have put out a notice to all employees, the boss put out a letter to supervisors requiring them to council their staff and we initiated a user statement of agreement that is signed prior to being issued an account.
All that is great CYA. It is disappointing to see folks who should be setting the example protect the immature habits of a few. It is crap like this that is that is causing American jobs to go elsewhere. I am not for worker abuse, but like one of my bosses used to tell me "When you name is on the bottom of your paycheck, you will get a vote in workplace policy".
Everytime they give access to a new service, they should at least inform about rules for accessing it. And when you're joining the company they should inform you about any existing policies. When where you last informed about excessive monitoring and restrictions on privacy during a job interview?
So even if you post a story with a login-free link included, the editors will clean it up to cover their backs. Frankly, I can't blame them; since almost everyone knows how to dodge the info-collector it's not worth risking a fairly well justified law-suit.
I work for a consulting firm that does a great deal of work for the government. If I'm surfing porn or whatever during their time, then that's not a legitimate use.
Mass downloading on the other hand is something else entirely. As I type, I have slackware 8.0 downloading and I regularly listen to streaming radio feeds while I'm doing my work. Those are the uses that I think are the most important. IMHO, It's no different from having the radio on or listening to a cd.
Except you are using some of their finite amount of resources to do this. Listening to the radio takes no resources (except for the tiny amount of electricity, which they give you permission to use by saying you can listen to the radio). Downloading Slackware and listening to streaming audio uses a piece of their bandwidth.
I work at a company that only has a partial T-1 (768 kb/s). If we had people downloading Slackware and listening to streaming audio, it could potentially impact our bandwidth for legitimate work related activity. Should we be able to monitor and make sure people aren't using our (limited) resources for things they shouldn't and thereby negatively affecting the productivity of others? Of course we should, so how is this any different? If you are continually on the phoen making personal calls, you can be disiplined (they can't monitor the content of your calls, but they can monitor how much you use the phone). That is because it is a limited resources (there are only so many lines) and if you are using then for non-business related activities, you could impact people trying to use then for business.
"Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
Did you hear the story about the two judges arrested for drunk driving on the same night? They get to talking, and figure out that they could be the judge at each other's trial, and get off a lot easier.
So, on the day of the trial, the first judge takes the bench, the second says he is representing himself, etc., etc.. To speed things up, the defendant pleads guilty, the judge asks, are you sorry for what you did, etc., etc., the defendant shows "due remorse", and the judge decides to let him off with time served.
The two then switch places, even swapping the same black robe there in the court room, each wearing their golfing outfits underneath, and switch places.
The current defendant pleads guilty, and shows "due remorse". The judge looks over the desk, and says, "if memory serves, this is the second DUI in a row that has come before the court. In the past, the court has been lenient on this particular offense, but it looks like we have to send a message to the community. $5000 fine and time served!"
I agree, this probably won't turn into a real court case. All this talk about illegal wiretaps and other nonsense sounds scarier than a nice, simple privacy amendment to the constitution. I wouldn't like my IT department getting a court order to "wiretap" my connection because they think I may be "stealing" excessive bandwidth from the company. Is it a worse crime if you are "stealing" from a government institution?
The solution is clear - either a privacy ammendment, which clearly states the right to privacy and lets future legislation and court cases decide the boundaries (not likely in the near future), or just go to a better company, one that's not as draconian. And you wonder why there is a shortage of tech workers for government jobs?
The monitoring program ran on a computer connected to the firewall. That computer had several functions. One was to monitor web browsing. Another was intrusion detection. By ordering the techs to diconnect this computer from the network, they also diconnected the intrusion detection for the entire federal judiciary's intranet.
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
Wait a second here. I read this to mean that it was ruled a violation of privacy to visit someone's website? This seems a bit far in the other direction. Does anyone have any more information? I am firmly against workplace monitoring, but at the same time, I can't imagine how some one could post a web page and not expect visitors.
-db
How do you tella judge what they can and can't look at in the course of their duties? If they're working on a case that involves online porn they may need to visit the site!
The revolution will NOT be televised.
As a former manager of a staff of phone support techs, this doesn't sound good. Privacy doesn't (or shouldn't) apply in cases where you're using company products to conduct company business. You're there to work, and they have every right to see what you're doing when you're doing it.
I know that monitoring software (via software pretty similar to VNC but neither beer-nor-speech free) helped us get rid of a few folks who were surfing porn, netsexing, and even downloading 1337 h@><0r utilities. I think once we even stopped a rep from verbally abusing a customer via a trouble ticket response because we caught him typing the message. Without these tools, they would have just minimized the windows and the company would have been open to liability. Now, if this precedent applies to all monitoring of workstations, companies are far less able to enforce their employees' behavior, for which the employer is accountable. In short, bunk.
My workplace monitors IP traffic left, right and sideways.
My thoughts on the matter...?
Well, lessee, <tap>,<tap> ...areyou listening, OK!
"Provided by the management for your protection."
I wouldn't have a problem with being monitored if it was spelt out in my employment contract that I would be. If I cared about that, I could then insist on higher pay, or not take the job, if I didn't want to be monitored.
The problem occurs if employers can just start monitoring without informing employees, and without creating the expectation that they will follow through, so that employees can decide for themselves whether to accept it or not.
It's worth trying, and certainly less invasive than monitoring traffic from individual machines.
To: All Chief Judges, United States Courts
From: Chief Judge Mary M. Schroeder
Re: Clarification of AO Correspondence on Intrusion Detection System Shutdown
You have received a memorandum from Director Mecham dated June 15, 2001, regarding the Administrative Office's use of intrusion detection software on the Data Communications Network (DCN). This memorandum will provide you with additional information about why the Judicial Council of the Ninth Circuit directed that this software be disconnected for a brief period. Before doing so, let me emphasize two points:
1. The security of our computer systems has not been compromised. The firewall that protects the Internet gateway for the Eighth, Ninth and Tenth Circuits was not breached during the few days that the intrusion detection software was inactive. Our computer staff has assiduously investigated every rumored firewall breach both within and outside the Ninth Circuit. Thus far, every report of an incident has proven to be groundless.
2. All the Ninth Circuit seeks is a responsible, common sense resolution of the issues involved in Internet monitoring, after careful deliberation by the Judicial Conference. Internet Security The computer and networking equipment that permits courts in the Eighth, Ninth, and Tenth Circuits to access the Internet is located in San Francisco. These Internet access servers are controlled remotely from the AO offices in Washington, D.C. The servers are protected by a security system (hardware and software) that establishes a firewall between the DCN and the greater Internet. The firewall prevents unauthorized persons (hackers) from gaining access to the DCN and PACER networks. The servers also are equipped with an intrusion detection system, consisting of internal and external sensors, which enables the AO to detect hacking attempts. The intrusion detection system has some limited capacity to stop hackers, but is not a substitute for the firewall.
The best analogy is to a locked door and a surveillance camera. It is the door that keeps intruders out. The surveillance camera simply keeps track of who tried to enter and when. At no time has the firewall protecting the DCN been deactivated. Nor is there any evidence that the firewall has been penetrated. Our systems staff hosts the Internet websites for courts in the three circuits. We have contacted all the systems managers in the three circuits and none of them report any evidence of intrusion or damage to their court web sites. Furthermore, the current debate has nothing to do with the PACER network on which the court Pacernet, Electronic Case Filing, and Internet web servers reside, a point that is confused in Director Mecham's June 15 memorandum. These websites are protected by a separate arm of the intrusion detection system, which was unaffected by the actions of our judicial council. The PACER network's intrusion detection sensor was never touched, and thus continually operational during the period in question.
Internet Monitoring
The intrusion detection system also can be used for purposes unrelated to security, such as use of Internet bandwidth (capacity). In this case, the AO had configured part of the system to identify individual computers within the DCN that had been used to access Internet sites dealing with pornography, music, stock trading, and gambling. Information gleaned from this surveillance was being used by the AO to seek disciplinary action against court employees. On May 23-24, 2001, AO monitoring was discussed by both the Executive Committee of the Ninth Circuit Court of Appeals and the Judicial Council of the Ninth Circuit. Reaction from both bodies was sharply negative. The Executive Committee adopted a resolution urging the Judicial Council to direct that the relevant internal intrusion detection system be disconnected until such time as the AO agreed to use it for security monitoring only. The resolution was passed unanimously by the Judicial Council. The circuit executive immediately disconnected the relevant internal intrusion detection system and notified the chief judges of the Eighth and Tenth Circuits and the AO of this action. As it turned out, the relevant portion of the intrusion detection system had shut down on its own sometime over the previous five days. This shutdown apparently went unnoticed by AO systems staff, which is responsible for DCN monitoring, 24 hours a day, seven days a week.
Our Reasons
The Judicial Council of the Ninth Circuit took these actions for the following reasons:
1. We are concerned about the propriety, and even the legality, of monitoring Internet usage by court employees. A non-frivolous argument can be made that such activity violates the Electronic Communications Privacy Act of 1986, 18 U.S.C. 2510-2511, which imposes civil and criminal liability on any person "who intentionally intercepts . . . any wire, oral or electronic communication." This is of particular concern in our Circuit because of the construction given the Act in Konop v. Hawaiian Airlines, 236 F. 3d 1035, 1046 (9th Cir. 2001), which found liability when an employer accessed an employee website. The Act defines "electronic communication" quite broadly, including "any transfer of signs, signals, writing, images, sounds, date or intelligence of any nature." 18 U.S.C. 2510(12).
2. We are particularly concerned that inadequate notice about the practice of monitoring had been provided to the judges and court staff. Most judges felt that surveillance of individual Internet activity as a means of enforcing an Internet policy without notice to the employee was inappropriate. If such an activity were to be put in place, it ought to be the result of official action of the Judicial Conference with notification to court staff.
3. We believe that there had been inadequate discussion about this policy and practice by the Judicial Conference of the United States. Indeed, it appeared to us that surveillance of employees and possibly even judges had been initiated without specific authority from the Judicial Conference or the Executive Committee. Judges were also concerned that the policy had been implemented without the input and consideration given other similar actions, such as the protection of privacy in electronic case filing. Many judges were concerned about the potential scope of the monitoring. The system has the potential to allow real time observation of individual Internet activity. Indeed, virtually the only function of the "inside" sensor is to monitor the Internet activities of court personnel, not to track incoming Internet activity. Much of the monitoring was not driven by bandwidth concerns, but content detection. Judges believed that a careful policy needed to be in place defining the scope of any monitoring and disclosure of monitoring results.
4. We are concerned about chief judges being asked to report to the AO on actions they may have taken. This is particularly troublesome without Judicial Conference policy directives. Why should a chief judge respond to the AO? Moreover, if a chief judge chooses not to respond, what would the AO believe is the appropriate next step? What is the basis for this? Since there is a "perk" aspect to some Internet use, how much privacy should be given to courtpersonnel? If an employee engages in phone sex at work or places bets over the phone to his/her bookie, it would be embarrassing to the Judiciary, but we do not monitor all Judiciary personnel's phone calls to try to catch such potentially embarrassing conduct.
5. We are concerned that the definition of "inappropriate use" is too broad or might otherwise not be accepted by many chief judges. We are not convinced that downloading music or video files compromised bandwidth to the extent meriting monitoring. Many judges believe that less intrusive methods of administering an Internet policy ought to be pursued before actually conducting surveillance on employee Internet activity. Most court units have only just begun to educate and inform court staff about Internet concerns, particularly bandwidth usage. For example, many employees who were simply innocently unaware of bandwidth consequences would "stream" audio newscasts, particularly during the recent election and aftermath. In many court units, this practice was not against any official policy. Some judges believe that we ought to give court units an opportunity to address this in the first instance before monitoring.
6. Many judges were concerned that recording and monitoring information kept by the AO would be an inevitable part of any Senate confirmation process. In addition, some judges observed that if limiting embarrassment were the goal, we were creating great potential for embarrassment by intercepting, organizing and summarizing this material.
The Judicial Council of the Ninth Circuit fully supports legitimate system monitoring to detect hackers and outside threats to the security of the DCN. It believes that to the extent that the Committee on Automation and Technology and the Judicial Conference of the United States authorized any monitoring to date, it was for purposes of detecting hackers. The council does not believe that the judiciary leadership intended the process to be used to monitor the activity of judges and court personnel with the concomitant disciplinary action
sought by the AO.Next Steps
The Executive Committee of the Judicial Conference of the United States has directed the AO to cease monitoring for non-security purposes and asked the Conference's Automation and Technology Committee to develop a policy before the full Conference meets. The Automation and Technology Committee has formed a subcommittee that is looking into the issue.
Our need as a Judiciary to discuss these important issues and formulate an informed, legally viable and necessary policy is indeed the original point raised many months ago by our circuit executive with the Administrative Office. We gain nothing by disparaging each others' motives or by engaging in threats, but gain everything from a full, accurate, and candid discussion of the important issues at the heart of this problem. We in the Ninth Circuit welcome the opportunity to participate in that discussion.
Well, if they notify you upon receipt of employment
Except that NOBODY notifies employees of policy concurrently with the offer. The policy notification only happens *after* you have started the new job, when they have you over a barrel. And they change policies freely during your employment, leaving you no choice but to accept or walk out. This is a significant power differential, and it suggests that these are not "contracts freely entered into", but that there is some measure of coercion involved.
For further proof, imagine asking for a copy of the employee handbook in an interview. Do you think you'll get that offer? I'll bet it wouldn't help your chances. That says volumes about the coercive nature of this so-called "contract".
Think of it this way: Users should have the ability to maximize performance and reduce overhead, just like admins.
sulli
RTFJ.
Being monitored in the workplace isn't so bad..Just ask Microsoft CEO Steve Ballmer.
Bowie J. Poag
Note that in the article, Judge Kozinski is reported to state in a memorandum that he believes monitoring for content is a violation of anti-wiretap statute. This is independent of whether the judges themselves or the judiciary employees want to avoid monitoring for idealistic and legalistic reasons or simply as an end-run around being caught downloading MP3s, AVIs, inappropriate content for the workplace, or simply stealing the bandwidth provided to them as a matter of course for their use in their employment. Don't forget that the judges are employed by us (the taxpayers) via the government to administer and adjudicate the laws that are created by the legislative and executive branches that we choose to elect.
I didn't elect them to use workplace time and equipment for personal use. Now I agree with Kozinski that if this policy was not well-articulated, then it is wrong for monitoring to be allowed to occur. But I also feel that it is not appropriate to suck bandwidth or waste time on the company dime. Especially when that company dime came from my pocket via taxes.
I also feel that if the company or gov't office allows people to use telephones to make personal calls, they ought to allow some leeway in using internet bandwidth for personal use.
But since it would be inappropriate to use the office telephone system to call Mabel in Australia every day from the AOC office in the U.S.A., it would be just as inappropriate to waste huge amounts of bandwidth for MP3's (unless you are Judge Marilyn Patel, working on the Napster case), porn (unless you are working on a porn-related case), or even voice-over-IP phone calls (unless you are going to work on that case that ATT, MCI, et al, all WANT to file!).
Login schmogin; try replacing the "www" in the URL with "archive" and you'll go straight to the page, no messing. This always works just fine for me.
Ah but you are using THEIR bandwidth and THEIR time (THEY are PAYING you to be there to do whatever it is you do - NOT to download ISOs and not to listen to music. If your boss says okay - then its okay. If you did not ask or especially if he or 'someone in corporate' said no - then youre not suposed to do it - EVEN IF *YOU* THINK IT IS OKAY Im starting to see a weird patern in /.'s that just do what they think is right - IE writing an anti code red worm that nukes the partition 'because if they didnt patch it - they deserve it'.
The ultimate network admin tool needs HELP!
One thing I noticed half-way through the article was a reference to employees being disciplined despite not being made aware of the policy. This is illegal.
.mov or .rm file, but unless the site has sexually explicit content we don't bother investigating.
Is a company monitoring your actions while at work illegal? Well, if they notify you upon receipt of employment they will not tolerate certain acts (sexual harrassment, firearms, smoking, downloading streaming video) then you have a choice. Take that job and follow the rules... or don't. It's that simple. Since the equipment you are using belongs to the employers and the bandwidth you are using belongs to the employers, they have the right to state any policy they want.
Monitoring isn't bad. As a security guy, we have to monitor people daily. For instance, we watch any downloads >10MB and do content filtering... sometimes we need to investigate exactly what a user has been downloading. We watch files over 10MB because there isn't much that is downloaded over 10MB, and we only have maybe 25-30 legit downloads per day that are that size. Sometimes we see someone downloading a
It IS in our company policy that using company computers for downloading pornography is illegal and all employees are made aware of this through a signed statement they return to H.R. upon being hired and through a mention of it at orientation at their first day of work.
It isn't illegal to do this, unless the company doesn't tell you they are doing it. If they use a "full disclosure" policy regarding things like this, then this is and should be completely legal.
you mean www.stand.org.uk.. www.stand.org is a US based charity, nothing to do with the UK one.
Not to single you out (ok, so I am), but you and several others appear to be missing the point. Yes, I believe that such uses of employer's computers are just wrong. But that's not really the issue here. The issue is instead the methods by which they were being monitored. If I walked up to my boss and made some side comment about how I was using my computer to watch videos during the day, then he'd have the right to fire me. On the other hand, if my employer uses stealthy monitoring tools to "spy" on me while I work, this is an invasion of my privacy, and in my mind no different that tapping my phone without a warrant. Just wait till somebody monitors you and cans you for some pornography popover that came up while you were reading an article on *news source X* about a new deal between your company and another.
GreyPoopon
--
Why is it I can write insightful comments but can't come up with a clever signature?
"the days before the software was disabled, there were hundreds of attempts at intrusion into the judiciary's network from places like China and Iran. "
How does Monitoring Software == firewall software all of a sudden? Please don't tell me that their monitoring software is also a "personal firewall" package. If they're relying on firewalling at the workstation level then all of my faith in the judicial system is lost. "We didn't have the staff to support a redundant SOHO system so we ordered up a few copies of Norton's Personal Firewall". Oh, the humanity!
There is no reasonable defense against an idiot with an agenda
:wq
You can thank all the lawyers in the nation for starting this censoring craze. A woman for example might be fired for being incompetent but knows the boss goes to penthouse.com. She can sue her boss for sexual discrimination. A sleazy lawyer can say "hey he looks at porn all day long. Does he look at all women like sex objects and not as competent employees?"
On the other side someone could sue on constitutional grounds of freedom of speech for things such as email monitoring and blocking. But now the New York state supreme court itself questioned the legality and it opened the door to hundreds of potential lawsuits. After all in the lawyers eyes a state supreme court itself questioned the legality. If I were a HR manager, I would be pretty pissed. On hand you can risk being sued if you don't monitor through sexual discrimination and on the other hand through abusive searches and preventing freedom of speech. So what is a workplace suppose to do?
I suppose the real question is with the privacy laws. I am in favor of corporation monitoring only under the condition that they do it under their own office with their own equipment during work hours. I believe we have no right to privacy other then the government cannot prosecute you with evidence taken without a search warrant. A private enterprise is not a government so it has a right to search its own computers. We never did have freedom of speech at work. Can a cuss in front of my boss or bosses boss or have any opinion or believe I want while on the job? I didn't think so and it's ok because a corporation is not a government. Think not about the costs of bandwidth and productivity but the costs of potential lawsuits.
http://saveie6.com/
Judge not lest ye be judged... or something like that.
I've hit Karma 50 and gotten a Score:5, Troll... I win!
Don't try to make this out to be more than it really is. This is just a bunch of co-workers using their own smarts to get around the IT department.
Any appeals in Dmitry Sklyarov's case will go to the 9th Circuit, which is just one rung below the Supreme Court (and in fact, is the final say in most cases; only about 2% of cases appealed from Circuit Courts of Appeal are ever accepted for review by the Supreme Court.) It's cool that we have judges so high up the ladder who have a sense of individual liberties and enough tech know-how to work around The System to achieve it.
IANAL
Understanding that the browser was NOT an intrinsic part of the operating system, for example would have taken all of 60 seconds.
Curious George
***General Consultant to the Human Race*** My opinions are free. You get what you pay for.
If stupid laws and practices affected judges more often, I think we'd get better outcomes of cases.
It's obvious a lot of this monitoring goes over the line.
Too bad "judge" Kaplan didn't have a kid who downloaded Metallica and was one of the 300,000 kicked off, etc, or liked to buy out of region DVD's.
The more pissed off judges get the better.
=== The price of freedom is eternal vigilance
I work for a consulting firm that does a great deal of work for the government. If I'm surfing porn or whatever during their time, then that's not a legitimate use.
Mass downloading on the other hand is something else entirely. As I type, I have slackware 8.0 downloading and I regularly listen to streaming radio feeds while I'm doing my work. Those are the uses that I think are the most important. IMHO, It's no different from having the radio on or listening to a cd.
http://archive.nytimes.com/2001/08/08/national/08C OUR.html
Control your enthusiasm. While they may have shut off the software, this will almost certainly be a "Do as I say not as I do." result. Consider that most judges who break the speed limit getting into court are probably not revoking their own licenses.
Workplace monitoring is here to stay and has been upheld too often for it to be easily overturned. Any case brought to challenge would have to be in the legislature and the infamous "What do you have to hide" mentality will hold most representatives at bay.
Sad but true...
Better to remain silent and thought a fool than to speak and remove all doubt
US Court of Appeals.
http://www.ca9.uscourts.gov/
Then the US Supreme Court, which may or may not hear it.
http://www.supremecourtus.gov/
Good: You can use systems that anonymously monitor the use of the Internet in a department. This is interesting, as it would allow detecting possible "problems". If the survey showed that X % downloaded porn when they worked, the department would be able to raise the issue and start setting focus on the problem (if it is considered a problem).
Bad: On the other hand, monitoring personal information would target everyone, and would force any worker in the department to become paranoid. This would lead the way to do personal manhunts, and would be a very bad thing.
-:) Oh no - not again.
www.rednebula.com
We keep talking about monitoring at the workplace -- I am all for *if* it is aimed at:
a) making sure that nothing "outside the law" is taking place
b) making sure that its not being over done by utilizing company and work bandwidth.
HOWEVER, what I don't see being studied and reported on is, if letting employee surf at work is adding value to their productivity and therefore to the company. For example, it is a fact that listening to music (via radio, et. al.) is a way to improve ones productivity. Doesn't surfing improve productivity as a way of taking break, et. al.?
Can we for once get some study done on this "monitoring" stuff from a positive angle please?
Karma stuck at 50? Add 2-5 inches.. err.. 2-5x Karmas Count to your pen1es.. err.. Karma all naturally and private
is that the higher-ups only begin to question the legality/ethics of software monitoring when it happens to them directly.
Although I'm not a big fan of workplace monitoring, this instance smacks of that guy whose neighbor told him about the how p2p likes to find kids, give them pr0n and take their bikes.
In a perfect world, the folks in D.C. would listen to the concerns of those of us who are bugged by privacy intrusions when they first start. I guess I'm not really one to complain, since I've never written a letter to my congressdude.
Maybe we should start writing. That way we'll be justified in complaining when congressmen/judges only care about things affecting them directly, or when they hear it from their neighbor's kid's cat.
If you had phone sex with your lover from the office phone, it would be just as inappropriate as if you were surfing porn or boinking a co-worker in the supply closet. However, a company cannot ethically monitor it's employees just because their employees may be doing somthing inappropriate on company time.
If a company wants to monitor IP traffic, it should be held to the same legal standards as one that wants to bug the telephones or put up spy cameras. Even at the office, there are certian expectations of personal privacy which an employer may not violate.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
Actually I can give you a fairly accurate phyc profile of most any government administrator.
1. They know very little about what they are supposedly in charge of.. Example: his whining about how turning off the "watch-the-judge" software will allow hackers in.
2. they are power freaks. They got their job by either stabbing others in the back or because noone else wanted the job so the powerfreak took it. Generally these types of people are Social misfits.
3. Whiney. Almost every one of them get pissy and act like 9 year olds when their "orders" are countermanded. They hate employees that tell them to go to hell when they say " I order you to do this" and they pout and whine when the Unin files greviances against them for being a-holes or just plain stupid.
Go to any level of government, local to federal.. These are people who could not make it in the private sector, and act like spoiled brats. and it is prevalent in any position where they are over any amount of people.
Do not look at laser with remaining good eye.
This story shows that the best way to get legal action going is to piss off someone who can make it happen. Rip off a lawyer, invade the privacy of a judge.... They don't care about my ability to access porn at work, but take away theirs and it's the biggest courtroom issue since OJ and the bloody glove.
Maybe there's a judge somewhere who misses Napster and can bring legal action against the RIAA for shutting that service down. That might be why the DOJ is investigating the music industry: the lawyers want their free music back.
== Paul Rickard, Editor of The Microsoft Boycott Campaign ====
Whether or not society allow corporations to take away privacy is entirely up to society.
The right to incorporate is no inherent natural right - it is a privilege granted by the people via their governments. It originated as royal orders to create a "virtual person" with rights defined in a charter. Even today most corporations are governed by a charter, but the charter granted is usually much wider.
In most states in the US laws have been or is on the book to allow the legislatures in the respective states to dictate the contents of the charter on a case by case basis, to limit the time the charter is granted for (a charter used to be time limited), and even to dissolve the corporation if it is decided that it does not serve the public.
Revoking charters used to be common if a corporation was seen as abusing the powers granted to it by the people, and restricting privacy for its employers could quite well have been considered as abusing its powers.
A corporation in the US can still in many states be argued to have no "rights" other than what is granted to it by the legislature. Some may say its unfortunate that its now uncommon for the legislatures to write, rewrite or revoke charters on case by case basis...
(Information about charter revocations in the US can be found here)
Curious George
***General Consultant to the Human Race*** My opinions are free. You get what you pay for.
It is all fun and games till a judge loses his p0rn.
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
It's their computer equipment, their buildings, their officespaces... let them do with their property what they want. Let them monitor all they want.
I don't want anyone telling me what I can do with my computer, so if I want to monitor my computer I will. Same with the employers: if they want to
monitor their computers they should be able to.
I consider it a huge inconsistancy in nerd viewpoints that they want freedom for themselves (let me put whatever OS I want on my computer!) but not for some other groups (don't you DARE monitor what goes on on your computer while your employee is using it!).
If you don't want to be monitored, don't work there. It's that simple.
And then there's the solution that the employees can always insist that the executives of the company are monitored too and everyones' records are made available to both employees and stockholders. After all, I'm sure the stockholders will go for any proposal that would increase productivity from the executives too.
The key is to leave the decision to monitor or not to the company itself, and not the government.
As for numbers of attempts. Literally thousands in a week.
What is not clearly stated is that the AO installed IDS equipment both outside and inside the 9th Circuit gateway. The equipment disabled was the inside equipment. So there was never any security risk.
A bunch of judges decide take a stand against some bureaucrats who wanted to monitor their computer usage. Like I said: Oo-o-oh! What bravery. If you and I were to do that in our workplaces, we'd soon find that we'd be providing our professional services elsewhere. I'm not sure about New York but a lot of the judges here in Illinois are elected and it's pretty hard to get rid of them. Pretty easy to take such a stand when there are, essentially, no consequences. I wouldn't count on seeing these guys written about if Profiles in Courage II ever comes out.
Try siding with employees the next time a case involving workplace monitoring is brought to trial in your courtrooms. Then maybe this'll mean something.
CUR ALLOC 20195.....5804M
Well... He's only parroting what what they told him in MCSE class!
CUR ALLOC 20195.....5804M
In the article, Mr Mecham, who is the it person, stated:
'After the shutdown, Mr. Mecham complained in a memorandum that disconnecting the software was irresponsible and might have resulted in security breaches, allowing unauthorized outsiders access to the judiciary's internal confidential computer network. "The weeklong shutdown put the entire judiciary's data communication network at risk," he wrote on June 15.'
This it total FUD! How can a monitoring program on a judges workstation have ANY effect on the integrity of the firewall. I don't know of any firewall that requires client programs on end users workstations to be active in order to maintain protection.
I've got a couple of questions about the article though. Firstly, it says:
Anyone got any idea how many such attempts a network like this typically gets? I'm guessing it'd be a similar number regardless of the filters, but there's plenty of people here who've got more experience than me.Secondly, how do these monitors work? I ask, because I'm amazed that disabling content monitors would constitute a security risk of the sort they're talking about. Surely they just log what each user is downloading, rather than actively blocking content or attempts to connect to the network. They're not even filters, just logs!
If you'd bothered to read the fascinating article, you'd have seen that the NYT explicitly says: "There is no evidence that any alleged abuse involves judges." Just so you know.
And in fact, the issues they are worried about are :
- Judge Alex Kozinski, a member of the Ninth Circuit appeals court, [argues] that the monitoring was a violation of anti- wiretap statute.
- "Aside from my view that this may be a felony, it is something that we as federal judges have jurisdiction to consider. We have to pass on this very kind of conduct in the private sphere."
- "In fact, the issues of what is permissible by employers have produced a patchwork of legal rulings and the matter has never been addressed directly by the Supreme Court."
That's what they are worried about. And as for using their tech smarts: they just ordered their sysadmin to disable monitoring software. Try reading the article, mmmkay?"I will take the Ring," he said, "though I do not know the way."
After reading this I was reminded of the computer forensics "How-To" article in Computer World 7/9/01, http://www.computerworld.com/community/security/se curity_manager/0,,NAV65-663_STO61959,00.html . In which a company visits the desktop machine late at night and copies the hard drive for later study. Thinking about it even more it seems like you could just backup the client hard drives each night then scan the "data" for interesting items. To completely automate the system you could just e-mail HR the violation information for appropriate action. "Please fire so-and-so, they visited web site such-and-such from a company machine, twice today!"
I've found over the years that there is often a correlation between an employee's time spent inappropriately browsing the WWW and job performance. My personal policy has always been to trust employees and reward good job performance.
In the rare case that an employee breaks the laws of the land we've been able to retroactively piece together the evidence needed by the police from logs and backup tapes. May not be as proactive as real time monitoring but it seems to be just as effective.
As for security threats. There are lots of ways to prevent viruses and system compromises that don't involve monitoring what client users are browsing on the internet.
I think if management came to me and asked that we monitor computer usage by employees I'd suggest that we find new supervisors who are more in touch with the day to day activities of their charges.
Which reminds me, do you monitor your children's internet activities? I personally just put the computer in a public place in the house (like the kitchen) and make a point of walking by it every once and a while.