Slashdot Mirror

← Back to Stories (view on slashdot.org)

Conspiring Against Your Employer? Watch What You Email

Posted by michael on from the 0wnz0red dept.

Eric Giguere writes "In a story that has Bay Street (the Canadian equivalent of Wall Street) in a kerfuffle, the Globe and Mail writes that bank employees defecting to set up a rival investment firm didn't realize that their employer could easily track the emails and messages they sent and received, even when they're sent via a nominally-secure system like RIM's BlackBerry. In particular, the employees were assuming that the messages they sent via direct PIN-to-PIN communication (a PIN uniquely identifies a BlackBerry device) weren't trackable. But if they're on the device, they're available to the employer to see. The employees may also have thought that PIN-to-PIN messages are encrypted, though RIM has always said that they're not -- it's only the connection to the corporate email server that is secure. A lot of damning information pulled from those emails and messages has made its way into a lawsuit."

45 of 420 comments (clear)

  1. Can I be the first to say "duh"? by the_mad_poster · · Score: 4, Insightful

    Honestly now, any communication that passes through any computer controlled by your company can be seen. Even if they were encrypted, if, at any point they are EVER stored outside of volatile memory unencrypted, they're available.

    If you're doing something with their resources like plotting against them... well...

    --
    Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
    1. Re:Can I be the first to say "duh"? by Anonymous Coward · · Score: 3, Insightful

      I don't understand why it's not simple for people to understand. it's not your computer, it's not your network, it's not your e-mail: you are NOT protected.

    2. Re:Can I be the first to say "duh"? by Honig+the+Apothecary · · Score: 2, Insightful
      Because people are fucking dumb?
      I mean seriously, how dense to you have to be to realize that there is no expectation of privacy at work. It is usually spelled out in the policies. If they own or pay for the computer, the network, or whatever other methods your connect with, they are going to be able to know what is passing between those devices.

      Duh.

    3. Re:Can I be the first to say "duh"? by Errtu76 · · Score: 2, Interesting

      *can*, yes. But is it legally allowed? I know for a fact that in the Netherlands (where i live) it's illegal to 'spy' on your users, and then use that obtained information. Even if we saw an email from one of our users that contains illegal/damaging information we can't do anything as this would be a violation of the user's privacy.

    4. Re:Can I be the first to say "duh"? by archmedes5 · · Score: 2, Insightful

      This isn't an ISP spying in users who pay for the service, this is a bunch of employees abusing their company resources to organize competition. The difference is, with an ISP, you pay them, they generally stay out of your business. With a company, they pay you and the computer use is there to make your job easier, not to browse the internet or talk to your friends, or in this case, conspire against the company.

      --
      Stupid is as stupid dies.
    5. Re:Can I be the first to say "duh"? by Bios_Hakr · · Score: 4, Insightful

      The thing about USian corporate culture is that even if you are technicaly right, you are still wrong. Your boss could be setting baby kittens on fire and you could be the whistleblower that puts him away. The next week, you get fired for abusing the copy machine.

      This once happened to me. A router in my area lost its config. They claimed I did it. I replied that it could have been a lazy admin never doing a "wr mem". They told me that I could either sign a confession or they'd reassign me to an outside work area while they "investigated". My boss outright told me the investigation would take months while they bounced me from area to area and shift to shift.

      Given that kind of culture, the employee always loses.

      --
      I'd rather you do it wrong, than for me to have to do it at all.
    6. Re:Can I be the first to say "duh"? by Monkelectric · · Score: 2, Informative
      A friend of mine was in a similiar situation once ... he was a manager of a starbucks, and while he was unpacking a delivery of supplies he noticed the order was wrong and said under his breath "this is fucked up."

      Two weeks later he is fired for *SEXUAL HARRASMENT* for using the word "fuck". And because he is fired for something of his fault, he is ineligable for unemployment benefits (which starbucks would have had to pay).

      Lots of places have policies to *never* fire someone. The best thing to do is to force them to fire you :)

      --

      Religion is a gateway psychosis. -- Dave Foley

    7. Re:Can I be the first to say "duh"? by Profane+MuthaFucka · · Score: 2, Insightful

      The relationships between employees and companies are never equal, unless the employees organize in some way.

      --
      Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
    8. Re:Can I be the first to say "duh"? by ifwm · · Score: 3, Insightful

      And your friend didn't sue? Your friends an idiot.

      More importantly, you've left something out, or more accurately, your friend did. He has an actionable case, but most likely, he did something else, and is passing this story off to his acquaintances. I seriously doubt it went down they way you claim.

    9. Re:Can I be the first to say "duh"? by lubricated · · Score: 2, Funny

      USian is a cross Between US and Asian. Thus if someone is either from the US or Asia they would be classified as USian. There are similar cultures between the US and Japan. Also both the US and Asia or on the pacific rim. It only makes sense to group these two together.

      --
      It has been statistically shown that helmets increase the risk of head injury.
    10. Re:Can I be the first to say "duh"? by byron036 · · Score: 2, Insightful

      The relationships between employees and companies are never equal, unless the employees organize in some way.

      The relationships between individuals and organizations are never equal, unless the individuals organize in some way.

      Unions aren't angels

  2. Silly Rabbits, its too late by Momoru · · Score: 5, Funny

    "A lot of people on the Street are going to have a few sleepless nights, going through loads of e-mail to delete them when they hear about this case"

    Although an employer sometimes can go through the emails on your harddrive, I think what the people in this article don't realize is that it sounds like emails are being intercepted at the server level. Who is stupid enough to use company email to conspire against the company? Setup a freakin gmail account and talk about it at home!

    1. Re:Silly Rabbits, its too late by Anonymous Coward · · Score: 2, Insightful
      Setup a freakin gmail account and talk about it at home!

      Yes. But, how many idiots would set up a gmail account and then use their companies computer to access that account?

    2. Re:Silly Rabbits, its too late by gstoddart · · Score: 4, Informative
      Although an employer sometimes can go through the emails on your harddrive, I think what the people in this article don't realize is that it sounds like emails are being intercepted at the server level.


      And people should realize that due to new regulatory reasons like Sorbanes-Oxley companies are required by law to perform this.

      In order that they don't get sued they need to treat e-mail as corporate records. So getting caught doing something like this is even more likely as companies make sure they can comply with that law.

      Cheers

      --
      Lost at C:>. Found at C.
  3. gratitude by Anonymous Coward · · Score: 3, Insightful

    They deserve what they get. How is that for repaying your employer? He writes you a check, puts bread on your table, and you pay him back by using his own property to steal his business. Ridiculous.

    Loyalty used to mean something in this country. I guess loyalty has gone the same way as traditional family values and faith in God.

    Things are going to have to change, people.

    Steve

    1. Re:gratitude by jridley · · Score: 4, Insightful

      I don't condone what they did, but there's no loyalty on EITHER side. Sure they write you a check, but most employers won't think twice about firing you if it suits their financial interest. If you're not getting loyalty, you tend not to give it back.
      I admire loyalty, but there are situations where it's not warranted. Most corporations have chosen not to give or reward loyalty, so they get back in turn.

    2. Re:gratitude by XMyth · · Score: 4, Funny

      Yea, damn Canadians. At least loyalty still means something in America.

    3. Re:gratitude by Sophrosyne · · Score: 2, Insightful

      ...what ever happened to that tradition where men would get married to women, then "go out for milk" to sleep with other men.
      Or the traditional family value of basically owning your wife and children... People miss "teaching others lessons" in the family.
      If you pull back that blind nostalgia those traditional family values are no different than the ethics of Victorian England.... most of the time they were all a facade.
      As intelligent people we should challenge tradition instead of complacently accepting that as good.

    4. Re:gratitude by silverbax · · Score: 4, Insightful

      "I guess loyalty has gone the same way as traditional family values and faith in God."

      Ahem.

      Over 80% of the nation's population is Christian.
      The are blue laws to prevent the sale of alcoholic beverages during certain days (Sunday) or completely in roughly 80% of the United States.

      There are over one hundred cable channels nationwide devoted entirely to Christian programming.

      Nearly very company in the U.S. is closed on Christmas.

      "In God We Trust" is printed on all U.S. money.

      And yet, every day someone claims religious persecution of the Christian religion.

    5. Re:gratitude by maxpublic · · Score: 2, Interesting

      Bullshit. These people were idiots for using company resources to talk about setting up their own firm, but loyalty of any kind doesn't enter into the equation. Capitalism relies on the exchange of goods and services, in this case labor for pay - NOT some stupid, pathetic "company uber alles!" mindset.

      Businesses pay me for my skills. They don't get my loyalty as a freebie on top of that. Companies aren't nations, aren't friends, aren't family, and they sure as hell don't deserve my devotion as a matter of course. If this is a problem for some people, they can haul their anti-capitalist asses off to some fascist shit-hole that's more to their liking.

      Max

      --
      My god carries a hammer. Your god died nailed to a tree. Any questions?
    6. Re:gratitude by WindowlessView · · Score: 3, Interesting

      Loyalty used to mean something in this country.

      Where have you been for the last twenty years?

      We can easily get in a chicken and egg argument but in my opinion this trend toward lack of loyalty was begun by employers, not their employees.

      It wasn't the employees who first went around pronouncing that the age of lifetime employment was over and people had better get used to have 2 or 3 different careers in a lifetime. It wasn't employees who decided to ship their own jobs overseas to save some money. It isn't the average worker who is pushing the trend toward hiring people with the precise skill set needed at the moment and then throwing them overboard the second they aren't needed. And god forbid a company should spend money on retraining these days.

      These guys may have been a little sleazy in how they went about things but the fact that anyone should be surprised by their behavior is astonishing - and not a little too self-righteous for my taste.

      You want traditional family values to make a comeback? How about starting with a move toward a society where the family wage earners can have some measure of stability and faith in their employer.

      --
      Leave the gun, take the cannolis.
  4. Agreed by log0n · · Score: 3, Interesting

    I can't believe that this isn't even common sense for a lot of people.

    People are either getting dumber, or too trustful - either way, one is a sure sign of another.

  5. No pity, no new violation by dreamt · · Score: 5, Insightful

    I'm sorry, but I feel no pity for people being caught this way. Its very clear when you start working somewhere that the computers you use are the property of the employer, and you should expect no privacy from these machines. They used company owned BlackBerries because they thought it would be secret (implying that they knew other company computers were not). If you use something company owned because you think it is secure, while other company propery is not secure, it just shows you dumb enough to be caught. If they were so concerned about their privacy, they should not have used any company property.

  6. OMFG by Bif+Powell · · Score: 2, Funny

    Can we please add 'kerfuffle' to the profanity filter. I don't find it profane, but I would prefer to see !#%$@#$#!@ instead.

  7. I'm a knee-jerk privacy freak, BUT by Lonesome+Squash · · Score: 3, Insightful
    the company did right here. If they DIDN'T record all employee communication, the regulators (at least those we deal with in the US) would have demanded that they do so. Not only that, but they would be leaving themselves open to customer and shareholder lawsuits. I'm sure that somewhere in the mammoth stack of forms anyone working in securities must sign when they're hired on was one saying, "No facility is provided for private electronic communication."

    The really shameful thing (aside from working on company time to screw your employer) is that these people didn't know this already. Looking at the list of those being sued, I see IT people who should have known better. Perhaps the company would have punished them more effectively by letting them go form their own company without understanding the basics of ethics, law (including allegedly trying to steal customer databases), or security.

    --
    Behold the riant ape! Beware, his crooked thumbs!
  8. Re:Another question, by lucabrasi999 · · Score: 2, Funny
    You'd think somebody trying to commit corporate espionage would be smarter wouldn't you?

    You would, but these folks were EXECUTIVES. Just by the nature of their job, they are pre-disposed to idiocy.

  9. Idiots**2 by Deep+Fried+Geekboy · · Score: 5, Interesting

    These people are in charge of your money, folks.

    They are idiots for two reasons.

    First, because they clearly acted unethically, which is the really big idiocy. I run my own company and rule number one is due diligence. I am not going to screw myself by doing something that could bite me in the ass further down the line.

    It's astonishing how many investment guys simply don't get this. I have literally had my own investment guy sit there and tell me that a particular investment 'cannot lose', in the presence of his lawyer -- who looked very uncomfortable and was forced to intervene by saying "Look, you cannot say that".

    Second, anyone who uses unencrypted email on a server they do no control, ESPECIALLY if it belongs to someone they are screwing, deserves to spend the rest of their productive years flipping burgers, or possibly stamping licence plates.

    --

    I'm not wrong. You haven't thought about it hard enough.

  10. Pardon my French... by dmuth · · Score: 2, Funny

    ...but what the hell is a "kerfuffle"?

  11. Re:In the US..... by Anonymous Coward · · Score: 5, Informative

    Investment firms must catologue all emails for compliance and SEC inspection, in fact they must be kept for years. All transmitions including company issued handheld devices are monitored by this automated system at most firms. So if their canadian counterparts have to do similar things this is to be expected and they have a record of all of your emails for years probably.

  12. Moula? by jbrw · · Score: 2, Funny

    Anyone who refers to money as moula is not getting their hands on my moula.

  13. Comment removed by account_deleted · · Score: 5, Funny

    Comment removed based on user account deletion

  14. There's loyalty, and there's loyalty... by rah1420 · · Score: 4, Insightful

    Loyalty still means something, but it may not be what you think it means.

    Look, these people were dumb, that much can be argued. They were dumb for using a monitored service to do this, and they were dumb for (ostensibly) stealing their company's resources for the purpose of setting up a competitor.

    However, you need to decouple this from the loyalty argument. The loyalty you need to have is not to your company any more. Are they loyal to you if business turns sour and they have to start slashing the payroll? Hell no. The corporate sinecure is dead. "Ma" Bell doesn't evince the image of a benevolent mother any more.

    The kind of loyalty you should have is to your projects, to your work, to you as an individual and to your Rolodex (or electronic equivalent.)

    If you live every day as if you might be laid off, working on projects that will escalate your worth and making sure that lots and lots of people know what kind of value you contribute, then you'll be better off; your customers (those who are the beneficiaries of your projects) will be better off, and your company will be better off.

    And if things should turn sour, then you shrug your shoulders, get your Rolodex out and start calling.

    So instead of "Logo Loyalty" you should cultivate "Rolodex Loyalty" (thanks, Tom Peters.)

    --
    Mit der Dummheit kämpfen Götter selbst vergebens.
  15. decent crypto, properly used by Frogg · · Score: 2, Insightful

    sorry, but if i was trying to pull a fast one on my current place of employment (or otherwise rip someone off, or carry out some kind of espionage), i'd be a total fool to think any existing comms channels were secure -- /without/ having put in my own layer of encryption, to which only i have the key/passphrase.

    install gpg, or worse than nothing, use s/mime - but if you need to ensure privacy, you need to have (put) your own privacy layer in place.

    (it's no good hoping and relying on magic pixies)

  16. Lesson in stupidity by Matey-O · · Score: 2, Insightful

    Rule #0: If you're planning on screwing over your employer (an ethical conundrum all by itself), try not to use the employers resources to do so.

    That means: keep the bits off their infrastructure. ALL of it.

    --
    "Draco dormiens nunquam titillandus."
  17. ssh and silc via blackberry by gmailflows · · Score: 2, Interesting

    It is quite silly to think that Email is secure in today's day and age, however what none of these bankers considered was using ssh and then say something like silc to have a secure conversation. Most large institutions with RIM have the BES and thus using ssh is an option. which is certainly more secure than email, but is it totally secure? Or still prone to eavesdropping?

    1. Re:ssh and silc via blackberry by Eric+Giguere · · Score: 4, Informative

      Most large institutions have a BES, yes, but not all of them have the Mobile Data Service (MDS) enabled, which is what you'd need to run something like that. Without MDS, the BES is really only about getting email and PIM stuff in and out of the corporate mail server.

      Eric
  18. Just like my workplace. by rayd75 · · Score: 2, Insightful

    To use a cliché, I'd be rich if I had a nickel for every time I've seen an employee frantically clear his or her browser cache or send an email then delete it from the sent items folder. Surprise! The device on your desktop is not the center of the universe! Maybe abiding by policies and staying away from any shady dealings is a better way to cover your ass.

  19. Looting != protected concerted activity under NLRA by holt_rpi · · Score: 3, Informative
    If you're acting with others for the mutual aid and protection of yourself and other coworkers, in the US you're protected by Section 7 of the National Labor Relations Act. A somewhat recent case highlights the NLRB's deference to email as well as other forms of communication:

    In one case, the NLRB held that email communication may qualify as "protected concerted activity" under the NLRA. In Timekeeping Systems, Inc., 323 NLRB 244 (1997), the NLRB reversed the discharge of an Ohio computer programmer who criticized a new company vacation policy via e-mail. The NLRB concluded that because the employee's email message primarily sought the assistance of other employees in getting the old vacation policy reinstated, it qualified as a form of concerted activity.

    The NLRB agreed that the tenor of the employee's message was derisive, but it did not feel the message was offensive enough to lose the protection of the NLRA.


    I don't think "hey, let's blow this popsicle stand and take all of its business with it" qualifies as "protected concerted activity" under the act, even if it had occurred within the US NLRB's jurisdiction.

    However, don't let this dissuade you from working together to improve your workplace under the protections of Section 7. You should, however, try to avoid using company-owned computer systems for obvious reasons. (They own them, they can read whatever they want on them, you have no expectation of privacy on them.)
  20. This happened to my old ex-boss! by Sethseekstruth · · Score: 2, Interesting

    This exact thing, getting caught in a conspiracy to leave the company, happened to my boss and a coworker. I was working away, and they were both told to clear out thier desks, and I was then called into the HR office. I was told that my boss and co-worker sent emails back and forth on company machines that said things like "we are going to rip these morons off so bad". They actually discussed inviting me and a secrty. to join the company they were going to start up, but decided to not take because I would not go along. They also defraued the compny by faking orders and ended up in criminal cout last I heard. the fired boss was the one who hired me, and the atmosphere was poisioned and I eneded up getting canned myself a few months later, but with a nice severance package.

    --
    http://www.geocities.com/sethseekstruth/great_outd oors.html
  21. Not to be trusted by canuck57 · · Score: 2, Interesting

    In reading the replies to this post it is clear there are two camps. One which says they were stupid to get caught and the other that has no pity.

    Remember, these turncoats gladly accepted a pay cheque to be a representative of their company. Their actions could cause the company to lay off people, perhaps you if it causes financial harm.

    I for one would not look forward to calling one of these turncoats a friend. It would only be a mater of time before they framed me for their own gain.

    Let these turkeys fry

  22. Silly Rabbits should not start businesses by museumpeace · · Score: 4, Insightful

    The naive emails were being exchanged for the purpose of starting an investment company! would you give a nickle to a banker or broker who was that clueless?
    it would cost the employer less to take out an add in the financial section pointing out that the upstart company was demonstrably dishonest and joining a competitive race with its intellectual pants down around its ankles than it would to sue the dummies.

    --
    SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
  23. How to Get Away With It by lukewarmfusion · · Score: 4, Interesting

    I just started my own company, directly competing with my previous employer. I spent nearly eight months on their payroll while I began up my own business and sought projects of my own. Here's what I learned:

    1. Don't stab anyone in the back (burned bridges, insert your favorite cliche). It can come back to hurt you.

    2. Don't give your bosses a reason to be unhappy with you. Work just as hard - or harder. If you're valuable to the company, leaving them will be more painful (and can produce a more profitable situation for you).

    3. Encrypt every email, instant message, and web transaction that deals with your activities. Don't assume anything is safe unless you're actively doing something to ensure its security or you can verify it easily (SSL, for instance).

    4. Regularly scan your machine for viruses and spyware. Use a packet sniffer to see if you're sending anything unexpected. Look through your machine to see if there are programs installed that shouldn't be there... is your company spying on you?

    5. Don't use their phones. Upgrade your damn cell plan and use that.

    6. Take advantage of non-company resources for communication and whatnot. Find a decent webmail provider with SSL enabled.

    7. Make sure any contract or agreement you signed isn't going to come back to bite you. If you signed a non-compete agreement or whatever, don't assume it's invalid or that they won't pursue it. See a lawyer BEFORE you have legal troubles in this area.

    As others have complained, there are loyalty problems in this country. I used to love my job, love my work, and love the company. Some things changed, and while I still love the work I no longer enjoyed anything about the company. Many attempts to change it from within failed. When your boss is taking advantage of you, you need to re-evaluate. When you're stuck in a dead-end, you need to re-evaluate. When you get the line, "if you don't like it, then find somewhere else to work," the time for re-evaluation has passed and it's time to end that part of your life.

    Employers aren't loyal to employees any more than we are to them. I heard stories of pre-1980s-boom-and-crash Japan, where a failing company's president would give everything he had back into the company to keep it going as long as possible...and if it wouldn't work, he'd split the cash from his shares, pay, etc. among the employees. This was in return for the lifetime loyalty you gave to the company.

  24. Re:PIN to PIN??? by NicolaiBSD · · Score: 2, Informative

    Eeehm.. actually it is PIN. Blackberry PIN-to-PIN messaging is a way of sending email like messages to other Blackberry devices connected to the same Blackberry server. Each device has a unique 'PIN' which is used for the addressing of these messages, hence the term 'PIN-to-PIN'.

  25. Camera analogy by Tablizer · · Score: 2, Informative

    Employers cannot place hidden cameras without telling employees. The courts already settled this for the most part. Just because it is company property does not automatically give them the right to snoop without warning. If a company wants to intercept messages and phone calls, it should provide direct advanced warning that it may do such. (I don't mean every incident has to be warned about, but the practice.)

    --
    Table-ized A.I.
  26. Yes, but also keep all comms separate by Presence1 · · Score: 2, Interesting

    A company I worked for was very paranoid and badly managed (so much so that 30+ other people left within the same six week period as I did). After we left, they installed video monitoring of every desk, door monitoring and other intrusions.

    However, it turns out that before that, they had installed keystroke monitors, and used this to obtain passwords to private web-based email accounts. We found this out because one of the former employees was hit with a lawsuit with "evidence" from his private Yahoo email account. The suit was bogus and never went anywhere, but he still had to start a defense.

    The answer is simple, do not use ANY form of communication that intersects with any of your employer's systems. Use separate private cell phones, private email on your home computers or private laptops (off your employer's network), and talk off site.

    Not only is this the safe thing to do it is also the right thing to do. Even when your employer has proven themselves to be irredeemably unfair, and that you are right to leave and compete with them, that still doesn't make it right to use their resources to do so. Get your own.