Instant Message, Instant Transcript

shams42 writes: "Although the internet has been far from private for some time now, it seems that public awareness and concern over this issue is mounting. This article at CNN discusses the issue of companies monitoring instant messages for cyberslacking or leaking company secrets. There is also the possibility of them being included as evidence in court cases."

Re:simple solution

[Nonesuch]

IMHO, a 'good employer' does not bother to look unless the employee causes some other problem. The one case I had dealt with was related to using IRC from the office, and the abuser was fired that same day.

I've not heard of an employer that monitors Port 22, and even if they did, it's encrypted so they can't pick up what you said.

Every corporate site I have been at, will block port 22 outbound.

Best program for this is PuTTY (assuming you use NT at work)

If your employer is nosy enough to be sniffing your IM sessions, they are probably also nosy enough to install LanDesk and/or other software on the desktop for remote screen viewing, keystroke logging, etc.

The whole thing assumes you are using *n?x at home and can run an SSH daemon on it.

People that clueful generally have better things to do with their time than instant messaging.

(Says the guy posting to slashdot in the middle of the night)

I still don't get this....

[Peridriga]

Privacy at the work place...

You are in a building that you don't own..
You are sitting in a chair that you don't own
You are using a computer that you don't own
You are using a network that you don't own
You are using bandwidth that you don't own

Why do you have any expectation of privacy?

It's simply a given.... If I am talking on my cell phone in the middle of the IT department I have no expectation of privacy...
If I am 'yelling' my conversations over the network why do I have expectation of privacy...

If I want to chat personally or sell company secrets I will do it at my home where I DO have privacy... But, not at work

Re:I still don't get this....

[The+Cat]

Why do you have any expectation of privacy?

Because you're a human being with human rights. One of those rights is freedom of speech, and part of that freedom is the ability to control when, where and to whom to speak. The speech is what should be protected, not the company's stupid network.

If they don't want to hire people, fine. Let them buy an M$ wizzzzzzzard to set up their databases and sit in meetings. But if they want hard-working, knowledgeable, imaginative people, then they are going to have to accept the fact that they are HUMAN BEINGS, not machines.

Just because you're in a "building you don't own" doesn't mean you have to hand over control of your entire life to some middle-manager.

People are people FIRST, then "employees." This "the company rules the universe" routine is getting REALLY fatiguing.

Ah yes

[The+Cat]

The famous workplace, where your freedom is checked at the door.

For people so concerned with freedom, it is astonishing that the entirety of a person's basic rights are handed over like a movie ticket once the workday begins.

And to top it all off, everyone DEFENDS this by saying, "well, they sign your paycheck."

Newsflash: signing a paycheck != control someone's life.

Here are people who tell you what to do 40, 50, 60 hours a week. What time to sleep. How long to spend eating. What kind of house you can buy. Where you must live. What to say. How to dress. How many phone calls to make. What web sites to visit. And so on. It's worse than grade school. If you don't like it, you're "downsized."

Personal life is not to interfere in the workday. No personal activities of any kind are to be conducted at work, unless you're a manager and you have kids. Then you can "take the afternoon off" or leave early on Friday any time you feel like it. All time off is given begrudgingly, even if it is pre-approved.

Now they'll just help themselves to every word typed or spoken during the workday. Excuse me, but why is the workplace exempt from a person's inalienable rights? Why are companies allowed to treat people this way? Why is a paycheck carte blanche to control someone's life?

If it isn't company business, PAYCHECK OR NOT, it isn't company business. Period. People should be given the freedom to be people before corporate drones.

Re:Ah yes

[ryanvm]

If it isn't company business, PAYCHECK OR NOT, it isn't company business. Period. People should be given the freedom to be people before corporate drones.

Who are you, Bodhi from Point Blank?

No one forces you to take a job. When you do, you engage in a contract with your employer. It says I will provide X amount of hours of labor for X amount of wages. If you are fucking off chatting with your warez buddies on AIM, than you are not fulfilling your end of the bargain. You are ripping off your employer. Period.

If I pay someone to dig holes for me for 1 hour, then I am entitled stand beside him and make sure he digs for that hour. Even moreso if he's using my shovel. Why do you think that because you work with computer equipment that you are special? It's the same thing.

Excuse me, but why is the workplace exempt from a person's inalienable rights?

I don't think you understand. You do not have an inalienable right to use other people's equipment to chat on the Internet. If you want to do that - do it at home, where you pay for it.

Your "likeness" and natural copyright

[hyrdra]

This may sound strange, but if a company is recording your chat sessions, instant messages, or e-mail communications, you can sue them for copyright infringement.

Sure, it would get all the merit of some of the recent patent lawsuits, but it's perfectly legal. At work, you have no expectation of privacy and often you even explicitly waive these rights by AUPs, as others have mentioned, so you have no legal high ground.

However of all the AUPs I have seen, none mention the property transfer of your communications, which are effectively your thoughts and are unique to you. This is called your "likeness". You are expressing it in your messages and chat transcripts, and by your employer snooping on you and storing records, they are effectively "copying" your copyrighted material, which you can claim copyright to.

Unless you're in a contract situation, the only works your company owns are those, which it has commissioned. Despite popular belief, it doesn't own everything you do at work -- only the work from your assigned tasks/projects/whatever.

I am no legal expert by any means, but at lunch with a lawyer friend I brought this issue up, and he said if he had a client in this situation he would have whatever logs found non-admissible due to copyright infringement. He then told me about likeness and how it can be used against an employer and possibly even to be on the plaintiff side of a suit. I found it interesting he would challenge this privacy issue from this interesting angle.

I guess you're best actually doing work while at work. If you must have security, use the various methods of encryption. Don't be stupid. :-)

Traffic analysis

[driehuis]

Even when you encrypt your traffic, it will not protect you from traffic analysis.

I happen to be the dude in between management and the users on my site. I refuse to eavesdrop on my users. Not all of my users realize it, but we've got a pretty liberal policy (don't break the law, don't be offensive to others, don't use excessive bandwidth during business hours; that basically sums it up).

Some of my users know me for cracking down on porn or MP3 downloads, and think I'm reading their every keystroke. Because if I wasn't, then how would I know that they were doing stuff that they weren't supposed to do?

The reality is, when I get complaints about Internet performance, I run some quick scripts on the logs to find out who is hogging the system. If, after eliminating the obvious business use connections, I'm left with a top ten and number two is downloading a gazillion of .xls spreadsheets from an server in Poland and all the URL's have /..%20%20/ in the path, I give that user a call.

Usually, the user will accept the lecture that his contractual obligation to stick to the corporate guidelines is not optional. I sometimes learn through the grapevine that such a user thinks I'm a fascist. So be it. If other people can't work because of egregious abuse, I have to intervene.

Do I even look at the stuff they're downloading? Not if I can avoid it. The only times I look at what they're downloading is when they start yanking my chain, giving me the go around that there is no law against downloading Warez or porn. Maybe there isn't, I've got no clue. I do know what's in their contracts though.

Most of these issues are dealt with amically. People sometimes don't realize how big their impact on the corporate network is, and even if they do I usually let them get away with it if the abuse stops. They're usually pretty happy when I tell them I've got no clue what they were downloading, but could find out when forced to.

Over the last year, IM became a bit of an issue because of the way their stupid tools communicated (if only they used persistent connections they'd fly right under the radar). At some stage, 30% of our proxies capacity was used to serve a few dozen IM sessions and it really started to hurt web performance.

It's always funny when they let it escalate to management level, and I can at that stage let them rant about the invasion of their presumed privacy, and then drop the bombshell that I didn't even look at what they were downloading, and that it was trivial traffic analysis that gave them away, and that the reason they were in that meeting was because they incriminated themselves.