Slashdot Mirror

← Back to Stories (view on slashdot.org)

Conspiring Against Your Employer? Watch What You Email

Posted by michael on from the 0wnz0red dept.

Eric Giguere writes "In a story that has Bay Street (the Canadian equivalent of Wall Street) in a kerfuffle, the Globe and Mail writes that bank employees defecting to set up a rival investment firm didn't realize that their employer could easily track the emails and messages they sent and received, even when they're sent via a nominally-secure system like RIM's BlackBerry. In particular, the employees were assuming that the messages they sent via direct PIN-to-PIN communication (a PIN uniquely identifies a BlackBerry device) weren't trackable. But if they're on the device, they're available to the employer to see. The employees may also have thought that PIN-to-PIN messages are encrypted, though RIM has always said that they're not -- it's only the connection to the corporate email server that is secure. A lot of damning information pulled from those emails and messages has made its way into a lawsuit."

22 of 420 comments (clear)

  1. Can I be the first to say "duh"? by the_mad_poster · · Score: 4, Insightful

    Honestly now, any communication that passes through any computer controlled by your company can be seen. Even if they were encrypted, if, at any point they are EVER stored outside of volatile memory unencrypted, they're available.

    If you're doing something with their resources like plotting against them... well...

    --
    Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
    1. Re:Can I be the first to say "duh"? by Anonymous Coward · · Score: 3, Insightful

      I don't understand why it's not simple for people to understand. it's not your computer, it's not your network, it's not your e-mail: you are NOT protected.

    2. Re:Can I be the first to say "duh"? by Bios_Hakr · · Score: 4, Insightful

      The thing about USian corporate culture is that even if you are technicaly right, you are still wrong. Your boss could be setting baby kittens on fire and you could be the whistleblower that puts him away. The next week, you get fired for abusing the copy machine.

      This once happened to me. A router in my area lost its config. They claimed I did it. I replied that it could have been a lazy admin never doing a "wr mem". They told me that I could either sign a confession or they'd reassign me to an outside work area while they "investigated". My boss outright told me the investigation would take months while they bounced me from area to area and shift to shift.

      Given that kind of culture, the employee always loses.

      --
      I'd rather you do it wrong, than for me to have to do it at all.
    3. Re:Can I be the first to say "duh"? by ifwm · · Score: 3, Insightful

      And your friend didn't sue? Your friends an idiot.

      More importantly, you've left something out, or more accurately, your friend did. He has an actionable case, but most likely, he did something else, and is passing this story off to his acquaintances. I seriously doubt it went down they way you claim.

  2. Silly Rabbits, its too late by Momoru · · Score: 5, Funny

    "A lot of people on the Street are going to have a few sleepless nights, going through loads of e-mail to delete them when they hear about this case"

    Although an employer sometimes can go through the emails on your harddrive, I think what the people in this article don't realize is that it sounds like emails are being intercepted at the server level. Who is stupid enough to use company email to conspire against the company? Setup a freakin gmail account and talk about it at home!

    1. Re:Silly Rabbits, its too late by gstoddart · · Score: 4, Informative
      Although an employer sometimes can go through the emails on your harddrive, I think what the people in this article don't realize is that it sounds like emails are being intercepted at the server level.


      And people should realize that due to new regulatory reasons like Sorbanes-Oxley companies are required by law to perform this.

      In order that they don't get sued they need to treat e-mail as corporate records. So getting caught doing something like this is even more likely as companies make sure they can comply with that law.

      Cheers

      --
      Lost at C:>. Found at C.
  3. gratitude by Anonymous Coward · · Score: 3, Insightful

    They deserve what they get. How is that for repaying your employer? He writes you a check, puts bread on your table, and you pay him back by using his own property to steal his business. Ridiculous.

    Loyalty used to mean something in this country. I guess loyalty has gone the same way as traditional family values and faith in God.

    Things are going to have to change, people.

    Steve

    1. Re:gratitude by jridley · · Score: 4, Insightful

      I don't condone what they did, but there's no loyalty on EITHER side. Sure they write you a check, but most employers won't think twice about firing you if it suits their financial interest. If you're not getting loyalty, you tend not to give it back.
      I admire loyalty, but there are situations where it's not warranted. Most corporations have chosen not to give or reward loyalty, so they get back in turn.

    2. Re:gratitude by XMyth · · Score: 4, Funny

      Yea, damn Canadians. At least loyalty still means something in America.

    3. Re:gratitude by silverbax · · Score: 4, Insightful

      "I guess loyalty has gone the same way as traditional family values and faith in God."

      Ahem.

      Over 80% of the nation's population is Christian.
      The are blue laws to prevent the sale of alcoholic beverages during certain days (Sunday) or completely in roughly 80% of the United States.

      There are over one hundred cable channels nationwide devoted entirely to Christian programming.

      Nearly very company in the U.S. is closed on Christmas.

      "In God We Trust" is printed on all U.S. money.

      And yet, every day someone claims religious persecution of the Christian religion.

    4. Re:gratitude by WindowlessView · · Score: 3, Interesting

      Loyalty used to mean something in this country.

      Where have you been for the last twenty years?

      We can easily get in a chicken and egg argument but in my opinion this trend toward lack of loyalty was begun by employers, not their employees.

      It wasn't the employees who first went around pronouncing that the age of lifetime employment was over and people had better get used to have 2 or 3 different careers in a lifetime. It wasn't employees who decided to ship their own jobs overseas to save some money. It isn't the average worker who is pushing the trend toward hiring people with the precise skill set needed at the moment and then throwing them overboard the second they aren't needed. And god forbid a company should spend money on retraining these days.

      These guys may have been a little sleazy in how they went about things but the fact that anyone should be surprised by their behavior is astonishing - and not a little too self-righteous for my taste.

      You want traditional family values to make a comeback? How about starting with a move toward a society where the family wage earners can have some measure of stability and faith in their employer.

      --
      Leave the gun, take the cannolis.
  4. Agreed by log0n · · Score: 3, Interesting

    I can't believe that this isn't even common sense for a lot of people.

    People are either getting dumber, or too trustful - either way, one is a sure sign of another.

  5. No pity, no new violation by dreamt · · Score: 5, Insightful

    I'm sorry, but I feel no pity for people being caught this way. Its very clear when you start working somewhere that the computers you use are the property of the employer, and you should expect no privacy from these machines. They used company owned BlackBerries because they thought it would be secret (implying that they knew other company computers were not). If you use something company owned because you think it is secure, while other company propery is not secure, it just shows you dumb enough to be caught. If they were so concerned about their privacy, they should not have used any company property.

  6. I'm a knee-jerk privacy freak, BUT by Lonesome+Squash · · Score: 3, Insightful
    the company did right here. If they DIDN'T record all employee communication, the regulators (at least those we deal with in the US) would have demanded that they do so. Not only that, but they would be leaving themselves open to customer and shareholder lawsuits. I'm sure that somewhere in the mammoth stack of forms anyone working in securities must sign when they're hired on was one saying, "No facility is provided for private electronic communication."

    The really shameful thing (aside from working on company time to screw your employer) is that these people didn't know this already. Looking at the list of those being sued, I see IT people who should have known better. Perhaps the company would have punished them more effectively by letting them go form their own company without understanding the basics of ethics, law (including allegedly trying to steal customer databases), or security.

    --
    Behold the riant ape! Beware, his crooked thumbs!
  7. Idiots**2 by Deep+Fried+Geekboy · · Score: 5, Interesting

    These people are in charge of your money, folks.

    They are idiots for two reasons.

    First, because they clearly acted unethically, which is the really big idiocy. I run my own company and rule number one is due diligence. I am not going to screw myself by doing something that could bite me in the ass further down the line.

    It's astonishing how many investment guys simply don't get this. I have literally had my own investment guy sit there and tell me that a particular investment 'cannot lose', in the presence of his lawyer -- who looked very uncomfortable and was forced to intervene by saying "Look, you cannot say that".

    Second, anyone who uses unencrypted email on a server they do no control, ESPECIALLY if it belongs to someone they are screwing, deserves to spend the rest of their productive years flipping burgers, or possibly stamping licence plates.

    --

    I'm not wrong. You haven't thought about it hard enough.

  8. Re:In the US..... by Anonymous Coward · · Score: 5, Informative

    Investment firms must catologue all emails for compliance and SEC inspection, in fact they must be kept for years. All transmitions including company issued handheld devices are monitored by this automated system at most firms. So if their canadian counterparts have to do similar things this is to be expected and they have a record of all of your emails for years probably.

  9. Comment removed by account_deleted · · Score: 5, Funny

    Comment removed based on user account deletion

  10. There's loyalty, and there's loyalty... by rah1420 · · Score: 4, Insightful

    Loyalty still means something, but it may not be what you think it means.

    Look, these people were dumb, that much can be argued. They were dumb for using a monitored service to do this, and they were dumb for (ostensibly) stealing their company's resources for the purpose of setting up a competitor.

    However, you need to decouple this from the loyalty argument. The loyalty you need to have is not to your company any more. Are they loyal to you if business turns sour and they have to start slashing the payroll? Hell no. The corporate sinecure is dead. "Ma" Bell doesn't evince the image of a benevolent mother any more.

    The kind of loyalty you should have is to your projects, to your work, to you as an individual and to your Rolodex (or electronic equivalent.)

    If you live every day as if you might be laid off, working on projects that will escalate your worth and making sure that lots and lots of people know what kind of value you contribute, then you'll be better off; your customers (those who are the beneficiaries of your projects) will be better off, and your company will be better off.

    And if things should turn sour, then you shrug your shoulders, get your Rolodex out and start calling.

    So instead of "Logo Loyalty" you should cultivate "Rolodex Loyalty" (thanks, Tom Peters.)

    --
    Mit der Dummheit kämpfen Götter selbst vergebens.
  11. Looting != protected concerted activity under NLRA by holt_rpi · · Score: 3, Informative
    If you're acting with others for the mutual aid and protection of yourself and other coworkers, in the US you're protected by Section 7 of the National Labor Relations Act. A somewhat recent case highlights the NLRB's deference to email as well as other forms of communication:

    In one case, the NLRB held that email communication may qualify as "protected concerted activity" under the NLRA. In Timekeeping Systems, Inc., 323 NLRB 244 (1997), the NLRB reversed the discharge of an Ohio computer programmer who criticized a new company vacation policy via e-mail. The NLRB concluded that because the employee's email message primarily sought the assistance of other employees in getting the old vacation policy reinstated, it qualified as a form of concerted activity.

    The NLRB agreed that the tenor of the employee's message was derisive, but it did not feel the message was offensive enough to lose the protection of the NLRA.


    I don't think "hey, let's blow this popsicle stand and take all of its business with it" qualifies as "protected concerted activity" under the act, even if it had occurred within the US NLRB's jurisdiction.

    However, don't let this dissuade you from working together to improve your workplace under the protections of Section 7. You should, however, try to avoid using company-owned computer systems for obvious reasons. (They own them, they can read whatever they want on them, you have no expectation of privacy on them.)
  12. Silly Rabbits should not start businesses by museumpeace · · Score: 4, Insightful

    The naive emails were being exchanged for the purpose of starting an investment company! would you give a nickle to a banker or broker who was that clueless?
    it would cost the employer less to take out an add in the financial section pointing out that the upstart company was demonstrably dishonest and joining a competitive race with its intellectual pants down around its ankles than it would to sue the dummies.

    --
    SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
  13. How to Get Away With It by lukewarmfusion · · Score: 4, Interesting

    I just started my own company, directly competing with my previous employer. I spent nearly eight months on their payroll while I began up my own business and sought projects of my own. Here's what I learned:

    1. Don't stab anyone in the back (burned bridges, insert your favorite cliche). It can come back to hurt you.

    2. Don't give your bosses a reason to be unhappy with you. Work just as hard - or harder. If you're valuable to the company, leaving them will be more painful (and can produce a more profitable situation for you).

    3. Encrypt every email, instant message, and web transaction that deals with your activities. Don't assume anything is safe unless you're actively doing something to ensure its security or you can verify it easily (SSL, for instance).

    4. Regularly scan your machine for viruses and spyware. Use a packet sniffer to see if you're sending anything unexpected. Look through your machine to see if there are programs installed that shouldn't be there... is your company spying on you?

    5. Don't use their phones. Upgrade your damn cell plan and use that.

    6. Take advantage of non-company resources for communication and whatnot. Find a decent webmail provider with SSL enabled.

    7. Make sure any contract or agreement you signed isn't going to come back to bite you. If you signed a non-compete agreement or whatever, don't assume it's invalid or that they won't pursue it. See a lawyer BEFORE you have legal troubles in this area.

    As others have complained, there are loyalty problems in this country. I used to love my job, love my work, and love the company. Some things changed, and while I still love the work I no longer enjoyed anything about the company. Many attempts to change it from within failed. When your boss is taking advantage of you, you need to re-evaluate. When you're stuck in a dead-end, you need to re-evaluate. When you get the line, "if you don't like it, then find somewhere else to work," the time for re-evaluation has passed and it's time to end that part of your life.

    Employers aren't loyal to employees any more than we are to them. I heard stories of pre-1980s-boom-and-crash Japan, where a failing company's president would give everything he had back into the company to keep it going as long as possible...and if it wouldn't work, he'd split the cash from his shares, pay, etc. among the employees. This was in return for the lifetime loyalty you gave to the company.

  14. Re:ssh and silc via blackberry by Eric+Giguere · · Score: 4, Informative

    Most large institutions have a BES, yes, but not all of them have the Mobile Data Service (MDS) enabled, which is what you'd need to run something like that. Without MDS, the BES is really only about getting email and PIM stuff in and out of the corporate mail server.

    Eric