Slashdot Mirror
One-Third Of Companies Monitoring Email
dotpavan writes "While studies have shown that spying on workers tends to make them less productive, that hasn't stopped approximately 1/3 of all U.S. companies from employing email monitoring tools. 43% of those companies employ staff to check outgoing emails. This seems like quite a waste. While there are some times when it makes sense to monitor emails (or it's required by law), most of the time, this seems like a complete waste of money. Not only are you upsetting workers and decreasing productivity, the benefits are pretty hard to spot. The number of "problem" emails tends to be incredibly low. If someone really wants to send out inappropriate emails, they're going to figure out some other way to do so, such as via a free webmail account somewhere. Yet, the companies are buying up expensive tools and hiring staff to watch just in case they catch the one or two problematic emails that go over the corporate network."
Does that count companies like mine, that once bounced email back to me because I described a process as "sucking up all the CPU time", only to be told that 'suck' or 'sucking' is not allowed in our email?
fire up your browser and use your gmail acc.
"First they ignore you, then they laugh at you, then they attack you, then you win." -- Mahatma Gandhi
You wouldn't consider hiring folks to monitor e-mail if your firm suffered public embarrassment or lost business due to leaked information. While I agree that it is sad that employers don't feel that they can trust their employees, I honestly cannot blame them.
Until some moron starts harassing his ex-girlfriend from his work account and you company gets sued for umpteen million dollars. Then it would've made a lot of sense!
You not lose the case, but the lawyer fees would probably make the monitoring look very attractive.
Also, haven't you worked with at least one person dumb enough to try to mail out the company's source code or mail out resumes from their work account? I know I have.
Agile Artisans
Not only are you upsetting workers and decreasing productivity, the benefits are pretty hard to spot.
Indeed. To take a parallel example, although 100% of Slashdot articles are monitored (and corrected in detail) this just seems to upset the "workers" and has had not improved productivity.
So leave that firm.
"First they ignore you, then they laugh at you, then they attack you, then you win." -- Mahatma Gandhi
so whats the point? to save the company from being involved in a scandel such as being linked to kiddie porn distribution, or is it some moron telling the bigwigs that its taking up bandwith and will cost the company money. The question isnt who is this moron, its why arent the bigwigs doing a proper cost-benifit analysis? any company doing this deserves what they get.
Is here: http://www.infoworld.com/article/04/12/02/HNmanage rsmisuse_1.html?source=rss&url=http://www.infoworl d.com/article/04/12/02/HNmanagersmisuse_1.html/
At the magazine I edit, many of the department email address forward to me before they go to the department editors. Part of the reason is that some of the department editors can be, shall we say, less than diplomatic when dealing with incorrigible readers. Part of my job is to ensure that exchanges do not become denigrating or insulting, and to avoid lawsuits.
Ignorance is curable, stupid is forever.
What I find interesting is the distinction between email and phone use. It's illegal in many states -- may even be federal law for all I know -- to listen in on employee phone communication. Why doesn't email deserve this same protection?
However, 99.9% of these companies were reported to be running win32-based machines where the email logging is partly dependent on the user's ability to check their email without infecting the entire network with the latest 'PrivacyFucker 6.0', so the logs aren't particularly too exciting when they get deleted and/or replaced with another executable instead.
'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
I mean seriously, it is THERE email servers/system.
It's company resources - you are employed by them, for them.
The article cited about decreasing productivity was about managers using e-mail and other technology to track their employees and nag them, not about monitoring e-mail. Why on earth would monitoring their e-mail decrease a user's productivity?
is that you can legally get access to the sent and recieved email of graduate students, faculty, and staff at state runs schools under some open information act. Yeah, it's happened in my department.
How does monitoring employees' email make them less productive? All of the monitoring products I've come across work transparently as a feature of the mail server.
Powered by onion juice.
Just scan the network for email passwords... usually quite easy these days. Once you have someone's e-mail that you don't like, you can send an e-mail to the department head or ceo or whoever likes the e-mail idea from them explaining why e-mail monitoring is a fucking waste of time. They get fired... you get a good laugh...
Good clean fun.
When your company is liable for the one or two problematic emails to the tune of millions of pounds, it starts to seem slightly less silly.
Around 15% of companies employ somebody to read outgoing email? I suspect 15% of companies don't even give their employees email access. Don't forget, we are talking farms, supermarkets, tailors, all sorts of small businesses too. Companies aren't just big corporations with hundreds of employees. They are the little guys too.
I worked for a company that was developing a software product for a single large customer. This customer is a very large technology company that had various factions in it that were for or against our product.
My boss who was the engineering VP had told everyone repeatedly to be very careful about the kind of emails to send to them.
The email that killed us was a "reply all" to a thread announcing that a build of our product that was available for evaluation. An engineer hit "reply all" and then proceeded to write a highly negative diatribe about the build. The reason why he did that was he was upset that he hadn't had time to put in a fix for some particular hardware configurations. Of course, we had months of development left in the project and his fix would have been in the next build. However, he did not state this very precisely, nor did he consider his audience.
The folks who did not like our product (because they percieved it to be a threat to their political power within the company) used his email to convince the CEO of the customer company to cancel our project.
I was in an "Oh Shit" meeting the next day with our CEO and the rest of senior management. Our CEO stated that he wanted to throw the engineer who sent the email off the roof of our building (which is maybe 25 floors). Ultimately this email lead to the layoff off of 130 out of 150 employees during the middle of the resession (November 2001) and ultimately the company limped along for another year before folding. Fortunately for me, I was positioned exactly right (politically) to be able to stay, but a lot of really good people lost jobs at the worst possible time.
If that email had *not* been sent, we might have hung on long enough to ship the product. If that had happened, it would have meant that the people in the "customer" company would havee been promoted, our company would have made some money and maybe been acquired. I'd probably still be working there.
That said, I have no problem with companies monitoring email.
Avoid Missing Ball for High Score
The people who are hired to "spy" on their fellow co-workers are generally looking for those types of violations and if somewhere in the middle someone is sending out porn, or using their employment at a prestigious company for ulterior motives, or any other myriad of the violations of common (or clearly stated at the time of your hire) corporate network use and they get caught, well... the flour sifter has caught a few more flies.
Despite the fact that we all work with them or are them, from the top tiers of management and from the shareholders viewpoint those violators are not the types of employees that you want to employ or want on the payroll.
Companies tent to benefit from firing these people because they show to their employees and clients that they are there to do business and just business.
If this was about ISP or the government spying on an individuals emails, then that would be a valid case and cause to rally the troops of the revolution, but when you are using someone elses network, someone elses resources, and being paid not to...well I don't really see the cause for concern.
Let's keep in mind that patents are in place to keep lawyers employed and keep them litigating. -CatGrep
It is a waste of time to watch users email unless you have a corporate policy that has serious teeth and most do not.
Take for example, if a user thought they were being watched, why not use one of 1000's of web based email systems? Better yet, they do it over SSL and subscribe to porn to these mail boxes and get to watch port all day.
But users beware, we can watch you all the same and horny users make mistakes. Caught one that didn't realize the links being sent via email were opening the sessions through the proxy...
Most of this depends on how much your management thinks of security and white coller workers slacking it.
let's say employee X seends an email saying how much he hates minority group A, or how Secretary B should really be dating him if she wants to get ahead. Lawsuit city. Now, the resonable thing to do is sue the person who committed the crime. The profitable thing to do is sue the corporation, who then has to go out of it's way to prove they were doing something to prevent this kind of behavior.
Moreover, with all the top heavy companies these days, all those managers have to find something to do with their time. You can only implement so many inane policies before the well runs dry.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
To be pedantic, in my opinion the problem is the 2/3 of companies that aren't monitoring e-mail. Corporate law holds companies liable for e-mail from any networking assets they own, so it does actually seem sane to monitor and restrict.
The solution becomes obvious; if you want to send personal e-mail from work that might violate slander laws, threaten to assassinate the president, or contains childporn, send it via your own machine. I for one make sure that during working hours, all my personal e-mail goes via my Gentoo Linux boxen at home. Then it is no longer your employer's problem, by strict interpretation of the Corporate Communications Act of 2002.
1. I was forwarded an email of a humerous pic and when I replied back with the pic still attached. Light warning.
... big no no. Company memo went out updating email policy on how to handle those issues.
2. My customer was having issue with the company's product, I sent an email to the customer agreeing that it was a bug. Company filter caught it
3. Sent a some vendor PDFs to my home email account, company filter caught it. Deemed harmless and left with a warning about sending company materials over the internet.
to save time we should do exactly what we ask spammers to do...label thier emails spam ;^)
the "problem" email should include a special marking like "THISISAPROBLEMEMAILATWORK:" before anything else in the subject...The method has effectively eliminated the time wasted on the outgoing email without problem
Some people believe 1-1=3 and for the sake of being politically correct, we should respect their differences
"While studies have shown that spying on workers tends to make them less productive, that hasn't stopped approximately 1/3 of all U.S. companies from employing email monitoring tools. 43% of those companies employ staff to check outgoing emails.
The "study" referenced does not address eletronic monitoring of employees.
The paper is about trusting employees to work from home and other "remote" locations. Evidently, Microsoft doesn't feel that employers should feel the need to physically watch over their employees - perhaps because remote office work could be beneficial to Microsoft's bottom line.
To claim that this paper is an academic study referring to the negative aspects of corporate electronic monitoring is way off base. Instead, it smells like a Microsoft whitepaper promoting Microsoft products within UK employees' homes.
The first time your employer gets dragged into court because some asshat couldn't resist sending his racist/sexist/offensive joke to the most easily offended person at the company will make you wish you'd spent the money, time and effort to monitor up front.
If you monitor and act on what you find, you can at least mitigate damages.
Using the same analogy that its not important is like not having a security guard at the front desk.. "well its only 1% of buildings that get broken into". Why have fire detection systems? So few places burn to the ground its just a "waste of time and money"
It only takes one bad mail to kill a company. Either via leaving you liable or trade secrets, or even outright fraud.. Its not just about lost productivity of employees playing around with email instead of working. Need to change your 'its unfair' mindset. Its a business and you are being paid to work, it does not have to be fair.
---- Booth was a patriot ----
Hell our company is doing all 3 and they admitted it to us several months back. Talk about a buzz kill. The office has not been the same since. Corporate espionage yeah right, we are all giving away trade secrets. Whats worse our IT director didnt warn the collars that this type of action would cause a massive morale collapse across the workplace and it did. How do you recover the workers trust and enthusiasm after doing one of these numbers.
Only a non-Western country like China would permit a broad range of eavesdropping.
So - I SHOLUDN'T be using my work computer solely for running VNC viewer and doing all actual work on my home PC?
If someone really wants to send out inappropriate emails, they're going to figure out some other way to do so, such as via a free webmail account somewhere.
But if you use a webmail, it's not coming from the company e-mail is it? So for the most part it's someone else's problem. It's one thing for Joe at Widget Inc to send off an e-mail from the Widget.com.... as any e-mail represents the company. I.e. if Joe says, "It's lunch time h'm going to download porn and masturbate at my desk" this would reflect poorly on the company. However if Joe were to use webmail to e-mail this, it's not an official document from the company, only reflects poorly on joe, and the company can deny accountability regarding e-mail sex services.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
How do they enforce webmail ban?
Sure, they can ban well-known webmail hosts, but with just about every ISP and university having web mail, that's a very long list.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
carry around a copy of putty on a usb drive. if you're using a windoze machine at work, insert the usb drive, fire up putty, and secure shell to a machine that will allow you to send as much email as you please.
this also assumes that you have shell access somewhere. but don't we all?
of course they could go ape shit and block port 25 on you.
nature loves variety::society hates it get your variety at http://www.monkeypantz.net
If the grad student is being paid, either in cash or in tuition adjustments, for any kind of work, then some or all of his email addresses may be treated as staff for this purpose.
However, if he has a "dedicated use" email account that's not related to his "paid" work, for example, if he's not getting any tuition adjustment's and it's an account specific to a class he's taking, then it would be hard to show that this qualifies as an "employee's" email account.
I suspect that cases like this will cause state lawmakers to carve out exceptions for student-employees, or require that any requested email be reviewed for relevance-to-"work" before being released.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I assume he was fired with a poor reference, but did anything else happen to him?
Oh wait, I bet if you told me you would have to throw me off of a 25-story building.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Ah, Slashdot. Where a level-headed comment pointing out that it's absurd to wave the free-speech flag at every problem is modded Troll.
Funny that a moderator who thinks that everything is free speech would mod anyone down...
My own personal belief is that this stems from resource control. Companies pay their employees for the time and they pay service providers for the connection and that meny gets wasted when people are not doing their jobs and the resources are being used for personal gain. I know it seems like a small thing but it probably stems from an "all of nothing" policy.
In addition, as someone earlier pointed out in an earlier post, the company may also be shielding itself from litigation if one staff member is creating an intolerable environment through any of the usual vehicles (racism, sexism, sexual harassment, etc.) and while the instigator is the cause they are not a good source monetary gain whereas the company is and it is fairly easy to convince a jury the company was negligent. Additionally, what happens if an employee shows up on RIAA/MPAA's radar?
The expectation is that companies are be omnicient and omnipresent in regards to their staff's activities even though it is not realistic.
The main issue I have with this is that companies do not even *tell* their employees which to me ought to be illegal. When I worked for a system integrator/support agency there was a client who would monitor e-mails and refused to inform his employees. So my co-worker who was their regular support rep would sit down with new employees and during account creation would inform them of the monitoring.
How companies handle it leaves much to be desired too. Another coworker from that system integrator I used to work for has a brilliant strategy for how companies should deal with net abuse - simply drag the offender in, put the fear of god into them, and then let word of the infraction spread. It generally worked too because after one company put that into practice, abuse of the internet connection ceased. Every so often someone would test and see if the company dropped its gaurd and the process repeats itself.
Anonymous Cowards generally receive no replies because you're a coward and I'm a bitch
Run a VPN server at home (XP Pro has one built-in) and open a VPN connection from your work computer to your home computer. Be sure that "Use Default Gateway" is checked on the TCP/IP connection properties. All packets not destied for your workplace LAN will be routed to the Internet via your home server. The speed will be dependent on the speed of your home connection, but more importantly all packets will be encrypted *and* you can run whatever protocols you like. There's a small possibility that the corporate firewall will be configured to block outgoing VPN, I say small because most corporations use VPN as a secure wy of connecting to other sites within the organization. To stay under the radar be careful how much bandwidth you consume.
You guys think we're kidding, right?
And while you may say 'just don't do business with them', that's pretty impossible. They are the two biggest on the planet in their field. To the tune of pumping us tens of millions $$ per year.
I don't know about you, but it's important to me to be treated as a professional. There are expectations on me that are strictly and entirely limited to my job. The rest of it, as far as I'm concerned, is none of anyone's damn business.
On top of this, it's also been my experience that wasting time and resources on monitoring your empoyees email is the kind of low-rent activity that "managers" engage in when they can't actually think of anything usefull or productive to do. Maybe they teach this in Business school, instead of that elective in ethics that no one has time for anymore.
There are many security policy's and projects based on addressing problems that either do not exist or are very minor and it's pissing me off because it's hurting more than helping.
Whenever unions are brought up on Slashdot, they're usually in the context of low wages or long hours.
But here's another prime example of where some kind of union could prevent this kind of invasion of privacy (and waste of money). But without any kind of organization that can negotiate on the behalf of the employees, most workers just have to take it.
Now before the Libertarians get their briefs in a bunch, no, a corporation has no legal responsibility to respect the freedom of speech of it's employees. Yes, employees are free to find another job. But sometimes those excuses just aren't good enough.
Why not just log all email on the system and if someone makes a complaint then you can find the specific email in the log. For the extra paranoid you set up the log so that it cannot be read by anyone without alerting someone/everyone that its been read, that way theres no private peeking. If you're worried about espionage then you need to just ban all forms of communication in and out of your building and strip search for portable hard drives (heh) and hope no-one has a photographic memory. Someone could encode some private data as ascii hex and print it/fax it, they could send smoke signals, pigeons, plant it in the rubbish, or upload it to slashdot. 77 68 61 74 20 64 6f 20 79 6f 75 20 77 61 6e 74 20 61 20 6d 65 64 61 6c 3f 20 41 6e 79 77 61 79 20 61 73 20 49 20 77 61 73 20 73 61 79 69 6e 67 2c 20 74 68 69 73 20 63 6f 75 6c 64 20 62 65 20 73 6f 6d 65 20 69 6d 61 67 65 20 6f 66 20 79 6f 75 72 20 6c 61 74 65 73 74 20 73 65 63 72 65 74 20 70 72 6f 64 75 63 74 20 6f 72 20 77 68 61 74 65 76 65 72 20 61 6e 64 20 79 6f 75 20 63 61 6e 20 6a 75 73 74 20 70 61 73 74 65 20 69 74 20 69 6e 74 6f 20 61 20 62 6c 6f 67 2d 77 68 61 74 20 61 72 65 20 74 68 65 79 20 67 6f 6e 61 20 64 6f 3f
This comment does not represent the views or opinions of the user.
"The folks who did not like our product (because they percieved it to be a threat to their political power within the company) used his email to convince the CEO of the customer company to cancel our project."
:), and they will use their own spin on every "fact" that they can. Trying to put blame on the poor guy/gal that sent a poorly thought-out e-mail rather than the evil people that scuttled the deal doesn't seem right.
Errr.... Yay team!???
This more or less indicates that your company had bigger problems than that e-mail. If people who want to destroy the company are in a position to do so, they will. Blaming a nasty, ugly situation on one person seems to disregard the fact that there were a number of people, and a fair amount of time invested in pushing the big red self-destruct button for your company.
Your post seems to blame the person without considering that there were a lot of other contributors to the situation than just this one person.
There are egomoniacal jerks with waaay more influence than is healthy in pretty much every company (at least in my experience
"Yet, the companies are buying up expensive tools and hiring staff to watch just in case they catch the one or two problematic emails that go over the corporate network."
I've worked for companies under investigation by the SEC for inappropriate behavior. Sometimes "one or two" emails is all it takes to break the law and cause a company's stock to plummet.
My current company 'buys up expensive tools' and 'hires extra staff' to run backups on the network, just in case one or two problematic hard drive failures occur. Why is it ok to monitor company hardware but not ok to monitor company communications?
IMHO, companies should not actively monitor, but they should keep a "paper" trail for a certain amount of time. I am against active monitoring, but if a problem arises it is crucial to have history to refer to. My company keeps email records for contractors only, but doesn't waste the resources (or ethical capital) to examine them. However, at least once it has proven invaluable. We once caught a contractor stealing trade secrets and transmitting them to a cohort via email. He probably would have gotten away with it otherwise.
While studies have shown... ...pretty hard ...tends to be
tends to make them...
approximately 1/3...
This seems like...
there are some times when...
most of the time...
this seems like...
the one or two...
Did you have any facts at all, or is it all just opinion and made-up bullshit?
Why does Slashdot have a section for "Your Rights Online", but no section for "Your Responsibilities Online"?
A friend of mine used to work in the IT department of a major casino. Apparently all casinos have a huge database of everyone that plays, what they play, how often, etc.. This database is highly valuable to other casinos. I've heard that rival casinos will pay 10-20k for it.
So someone with access to it is about to sell it. Naturally all the email filters are in place and she was smart enough not to try that. So she figured she would just print it out and walk out with it. She got caught, however, when she called the IT department because the print server crashed. Apparently, sending a 10,000 page document to a print server doesn't quite work as well as one might hope.
----
Squirrel
that hasn't stopped approximately 1/3 of all U.S. companies from employing email monitoring tools.
Why not link to the source for your source (login)? The ITFacts.biz story got it wrong anyway: "33% of US companies monitor employees' e-mail" is wrong--the direct quote was "Almost 33 percent of 140 North American businesses..." You and ITFacts were off wrt the number and the sample. Oh, and the Tribune article was merely a syndicated column, using data from a nearly year-old study. Not exactly news. Where did I find that out? Look, it's ITFacts.biz! Yep, TFA was a double post.
Let's continue because we are not done fixing your post:
43% of those companies employ staff to check outgoing emails.
Wrong. It's "more than 43%" of companies with over 20,000 employees (not 43% of monitoring companies), according to the study. The one-third figure expands the sample to include all companies.
It is also worth noting that the study in question was sponsored by ProofPoint, which in fact sells monitoring software. So you could say that Forrester had a financial interest in high-balling the figure (which it appears they did, with all this "almost 33%" business).
Do your personal stuff at home. If you don't like that, quit, or just wait to get fired for cause.
While it's not the most popular option, especially on /. Email monitoring has it's benefits.
I worked in the IT department for an elementary school district, we were testing a new product that, among other things, could filter email, and from that we were able to catch a teacher who also happened to be a child pornographer and put him behind bars.
He was using his school email account to correspond with other members of his group.
Any company would be foolish NOT to implement some sort of email monitoring or archival. Why?
1) Liability. If something is sent by company equipment, by a company employee, it becomes the companys responsibility. At my current employer, we had a customer service rep go rogue and send a nasty, racist email to a customer via yahoo mail, using our equipment. We narrowly escaped a lawsuit by doing some serious sucking up. thankfully, we kept logs of all web based activity and were able to prove who it was and fire their ass in a quick and apparantly pleasing manner (to the victim at least).
2) Productivity. Believe it or not, but email can be used to do some serious slacking off. At my previous employer, I was asked to implement an email monitoring system and figure out precisely how much time was wasted by the employees. The worst offender was found to have 48% non work related emails by volume. That translated into approximately 2 hours of wasted time PER DAY.
3) Theft. I have been witness to two attempts at theft using email. The first one, we had insufficient evidence. The second one however was nailed inside of 2 hours. She was stealing confidential customer lists on behalf of the former sales manager who, unbeknownest to me, was having an illicit extramarital affair with her. If there was no monitoring, she would have gotten away with it.
The lack of any real world knowledge or experience is quite apparant in the person who submitted this story. Email monitoring is, unfortunately, a necessary evil. HAving said that, I would like to emphasize that I am talking about MONITORING, and not BLOCKING. Using word filters is dumb. Its better for them to send it and catch them after the fact than to prevent them from sending it in the first place. Better for them (the ones likely to abuse company resources) to think they can get away with it and nail their ass, then to force them to get all sneaky and find ways around the monitoring.
Feed the need: Digitaladdiction.net
Well seems like the slashdot crowd havent heard about the recent NZ police porn scandal (which has been a huge deal in the media!)
3 00,00.html
l
Streaming video of news: http://www.xtra.co.nz/streaming/0,,10550-4309851-
txt: http://xtramsn.co.nz/news/0,,11981-4311659,00.htm
"A police audit has found that about 20 percent of email capacity was taken up with pornographic images, and 300 officers are under investigation for having pornography on work computers. "
now, perhaps monitoring software could have at least prevented the email exchange of porn, would have made it a whole lot less embarrassing for the police!
... but as long as they aren't monitoring Slashdot I'll be fine.
A guy walks into a bar... well, I forgot the joke, but the punchline is that he's an alcoholic.
One company I worked at had a problem e-mailing a hospital in Queensland Australia - their mail gateway kept bouncing mail pertaining to a new influenza vaccine, claiming it contained 'inappropriate content'.
It was eventually discovered that this HOSPITAL was blocking any mail with the word 'virus' in the text.
Think of it this way:
The PHBs and Catberts of the world are trying to prove they're in control because their own Bungee Bosses are leaning on them until the pHBs and Catberts are starting to making squealing noises.
They actually don't give a good goddamn about you one way or another. You could probaby smoke crack for lunch at the office and get away with paid extended leave, put on a substance abuse program and 'monitored' by the plant 'nurse' (the one who's not even allowed to give out any Aspirin for fear of law suits.)
IP theft is no skin off their noses and they can't do dick all about it anyway. Not without a surgical drill and a tepaning kit. (Before they get any ideas, just mention that its illegal and very messy.)
IP leaks away as soon as its taught to the implementers. The IP and the people who implement it will leave in one way or another. Firing them is as bad as letting them them just walk out the door on their own.
What are the PHBs and Catberts to do? What can they do? They can the same path that the government is taking because its much easier to watch what they can watch over without having to watch anything meaningful.
They're just going to bury their noses in your business because yours is the only business they can bury their noses in.
We're becoming Big Brothered to oblivion with video cameras on our streets and the staff who's paid to watch 'em.
And who watch every pretty skirt, watch what stores she goes into, what car she drives, run the plates, then know her social security number, her bank balance, her credit history, if she's got her own place, indirectly every little detail is available, right down to her dental X-Rays, medical history, abortions performed... everything.
PHBs and Catberts aren't evil anymore than the 'custodians' of liberty are.
But they just don't know when to stop, when they've crossed the line from awake to your worst fuckin' nightmare. They don't know because they don't care.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
If you're wondering, the US law in question is not a specific law, but a 1986 set of laws known as the 'Electronic Communications Protection Act'.
There are also provisions in the law, so that system administrators are still allowed to do monitoring. (2511 (2)(a)(i)):
Build it, and they will come^Hplain.
What privacy ?
You are AT work on the COMPANY OWNED premises, using computers owned BY THE COMPANY, being paid to ONLY produce. ( unless you have a job that pays you to not do anything.. )
If you want privacy, go home where you have that right. But dont expect it at the office, as you DONT have that right. Pretty simple.
---- Booth was a patriot ----
A friend of mine is now working for a large software company. Recently, the person found out about a movie taken w/ a digital camera during a party, where she was naked (probably drunk too) and displayed a sexual behavior, to put it mildly. The movie might be available on the Net. Now the question is: what happens if her manager or any of her colleagues come accros that movie? Personal embarassment aside, would she be fired? I mean, of course there's no mentioning of the company's name or anything in the movie (or at least so I've heard), but one might claim one would not want movies w/ their employees naked being available on p2p engines.
Hopefully this is not modded off-topic and hopefully the
This seems like quite a waste.
Considering the energy and resources most large companies devote to preserving a squeaky-clean image, simply deploying a piece of software to help achieve this end hardly seems like a waste. And of course software can't do all the work--somebody has to read the ones that get flagged. A good company would hold such readers to high standards of confidentiality, of course. I would expect anyone caught abusing such authority to be fired as fast as anyone caught abusing the company credit card.
the companies are buying up expensive tools and hiring staff to watch just in case they catch the one or two problematic emails that go over the corporate network.
The study asked about "outgoing email", not intracompany email.
Emails are forever. A single employee can cause any company a PR fiasco (think "special sause" in McD's burgers). Employees could also share trade secrets with competitors. So no, I don't think it's as big a waste as you make it out to be.
If someone really wants to send out inappropriate emails, they're going to figure out some other way to do so, such as via a free webmail account somewhere.
My company blocks webmail. And reserves the right to monitor my outgoing mail as well as my web surfing. But I'm pretty confident that no one who performs such tasks would take that responsiby lightly (and certainly does not work with me, as that would create a conflict of interest).
Let me guess: This time figure is based on the implicit assumption that zapping off the latest joke takes exactly the same amount of time as drafting and sending a preliminary report.
/. If the government wants us to respect the law, it should set a better example.
Keep in mind that Ferris Research is probably shilling for Proofpoint -- a company that, not surprisingly, makes products that allow companies to inspect their employees' email.
I went to an orientation once for a big contracting firm and one of the managers had what I thought was a great way for everyone to think about using email at the office.
In a nutshell, he said people should think of using a company PC the way they already think about using a company office phone.
Nobody minds an occasional call( now email ) to take care of a small personal issue, but people do care if they spend if you spend all day on the phone ( email ).
By the same token, people in most jobs do not expect their office line to be tapped and the contents monitored.
Seriously dude, if you aren't ripping CDs with EAC in secure mode you are a fool.
It's been proven again and again that company provided tools are the property of the company that provides them. This also includes, btw, laptops and anything else that the company provides its employees to do their jobs.
:D
Yes, it is legal for companies to monitor email as well as phone conversations. How many times have you called a company and the automated system states up front that the conversation may be monitored and even recorded for use later. Regarding phone calls, it's not the employees invasion of privacy that's at issue, rather the person on the other end...
As an employee, I fail to see how the knowledge that my email may or may not be monitored will result in a loss of productivity on my end. It seems to me that there is much "water cooler" speak going on that is the real culperit.
Additionally, I occasionally do work with a company that records and archives EVERY email that's sent in and out. Period.. all stored for many years to come.
Anyway, I used to work for a company that hosted email for clients. We dealt with many of the legal issues on many occastions... and yes, we monitored some of our voice conversations as a training aide as well as a way to keep tabs on the quality of our services...
There are a bunch of reasons companies would want to "monitor" it's employees. Yes, trust is a huge issue and most of us don't trust our employers... well.. it's a two way street.
Please note, I'm trying not to take a side here, as I could passionately argue either side, as I've been intimately involved from each side. What I am saying is that people tend to overreact when they operate on assumptions and heresay when they should be operating on the facts.
--Beo
So what?
If that's your case, read it as "So starting looking for a new job if they're dicks".
Anyway, you made me think about it.
I'm recently (latter 2004) started to live with my wife (we're not formally married, but we live like that) and share my life with her. She is still only a student, and provide about 15% the income. Sudently you see your much valued freedom risking to go away (as we plan to make babies by the 2010's). Maybe I should reconsider, thinking longer and deeper about it.
I use outlook express to log into my account that is under my domain. Since I dont use the companies email system, am I any more insulated from being monitored?
If 1 email exploiting company content costs $50k (even losing employee, product details, etc. could easily cost that much), and you can stop a half dozen a year, then it's worth the money for the staff and equipment.
Why cut IT when your office space costs $3/sf? gibso
Man alive.
The study quoted certainly does not say "spying on workers tends to make them less productive".
After following a few links, and then searching on Google for the original study, and THEN following a few _more_ links, I was able to read the pdf.
A pdf that discusses micro-management, through over monitoring of employees.. as well as about twenty other things. This isn't even a study, or "studies", but merely an essay in which the author read a bunch of articles, and then formed his own conclusions.
There is a vast difference between an essay, using quoted references to from an opinion, and a study.. in which things are typically discovered first hand.
No matter. The "study" isn't even about this topic.
What a bonehead. Don't quote a page, that quotes a page, that quotes a page, that links to another page, which talks about the article (and doesn't even sound like they read it).
Instead, read the article, and post _that_ link.
BAH!
Doesn't surprise me at all. Big corporate wigs don't know any better. Their kind of thinking are the ones that were responsible for stupid "for hire" ads I used to see in the 90s that said "wanted programmer with a degree in Java" or other such stupid things that didn't exist. It takes time for old school to retire/die/get fired and the new to take over so idiocy like that goes away finally.
When I want to say something explicit to my GF or something nasty about the company, I write the e-mail in Tagalog or Japanese, languages I know. Friends of mine use Spanish. I guess it would also be possible to use the translation feature in Google to turn your e-mail into Chinese, Latvian or some other even wierder language and then let your recipient know to run it back through Google to turn it back into English. Short simple phrases without idioms should come through readable. The Filipinos at my work trash the company utterly, send out data they shouldn't ought to, etc. and the admins don't have a clue.
that's funny advice coming from someone hiding behind Anonymous Coward
Repeat after me:
"I am at work. I am using the company's PC, the company's network and the company's Internet connection. I have no expectation of privacy while I am at work. I am supposed to be *working* while I am at work."
-s
I would consider it a waste of my time to work for a company that had something to hide and treated me as a potential whistle blower all the time.
I honestly cannot blame [companies for not trusting their employees]
You must have things to hide, so I no longer trust you. Thanks for the warning.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
When you are a pointy-haired manager with 400 000+ in stock option bonuses, covering your ass is the primary instinct. You do not want to be blamed for anything that can possibly happen, you want to cover yourself with records showing that you were pro-active in spying on your employees. What it does to productivity of your people does not even enter into this calculation. And, of course, having access to private e-mails can be a good source of dirt on someone.
I got fired once from a company that was a lot like EA because I had problem with my manager - I worked 12-14 hours a day (including weekends and holidays) as everybody else in the group but after about 6 months I was realy getting burned out which caused that I was getting increasingly critical of my manager and the mess she was doing to our project.
Digging in my e-mails was first thing she started with. (And I am not talking about the company e-mail, she got my gmail e-mail password logged too). When that failed to produce result, she tricked me into writing a letter that I was going to resign in about 2 months (so they should start looking for a replacement) and she fired me next day based on my own "resignation" while she privately was telling HR that I was a major security risk and probably going to spy on the company and sell the secrects to a competitor!
I doubt that we will ever figure out - and I suspect that even if we did figure out we couldn't do much about it
The cold war is over and with it has gone the rhetoric of freedom. Now we see that those who claimed there was little difference between our Federal tyrants and Soviet tyrants were correct. Compared to the real evil empire, the war on terror is a pathetic excuse for violations of liberty. Yet daily we allow and some even demand such things. The rhetoric was right and we need to remember it.
The war between free and closed software is as important a fight as we have today. Every day, people sign over their privacy for the privilege of running expensive, second rate software. Some of this software, like Macromedia Flash, turns on your microphone and grants it's owners the ability to listen in on your conversations. Others, such as M$ OS demand the ability to inspect your files. Phone tapping is trivial next to such violations because your computer is also your filing system, your post and no phones worked when hung up the way a computer microphone can.
These violations are against company and individual alike, yet the bigger dumber companies continue to be suckered into massive information leaks by promises of employee monitoring. Such is the folly of manipulative people. The same site also point out that almost half of big dumb companies monitor their employee's email, here. Want to bet that 100% of those big dumb companies use M$ on their desktops? They have no idea what's leaking out of their networks from non-free shit, spyware and malware.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
as pop/imap.
Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
Replace PC with toilet, network with plumbing, and Internet connection with water supply in the above for some amusement and insight into my opinion that ownership justifies intrusive monitoring.
I too have felt the cold finger of injustice.
But, Mr. Goat, it is highly unlikely that my employer will lose trade secrets, be part of a sexual harassment lawsuit or be infected with a computer virus as a result of anything I do in the Men's Room.
I can do nothing in the bathroom that will endanger the company. Sitting at a keyboard, I can do all kinds of things that put the company at risk.
-s
But now you've introduced factors other than mere ownership, which is all you invoked in your previous post. And you obviously haven't heard the rumors I've heard about some of the bathrooms where I work :).
I too have felt the cold finger of injustice.
Mr. Goat: I concede that yours is the more powerful intellect but I have one more situation for you to consider now that we have moved to the discussion of restrooms:
If I was employed in a line of work where my mental abilities and reaction times could mean the difference between life and death, would the company have the right to "intercept" my urine or samples of my hair?
I am thinking of airline pilots, bus drivers, subway engineers, etc. My behavior can put the company at risk (as well as people's lives). Does the company have the right to "monitor" my urine, blood or hair to detect my use of a substance that could negatively affect my judgement or response time?
Such monitoring as you describe would only be justified with consent (as a condition of employment), and only with human life at stake. Your company has people doing things at their desktops that can kill people? Unless you're at a spy agency, I think that's a little over the top.
And as been demonstrated by the fact that Office Max makes potential sales hires pee in a cup, it's a slippery slope.
I too have felt the cold finger of injustice.
Although I'm self-employed (I do usually manage to censor my own e-mail :-) I ssh-tunnel my own POP and SMTP traffic to an offsite server (works like a charm under Windows with Cygwin and Mozilla). This is to deal with constantly changing SMTP configurations (I travel a lot) and the fact that many ISPs now block port 25, but it has the advantage of randomizing your e-mail packets on the LAN side, where they are most vulnerable to sniffing by your employer (or others).
Of course, if you use THEIR computers, then they can just record your keystrokes....
Presumably if you're savvy enough to figure out how to ssh-tunnel your mail, you're not going to go opening the wrong sort of attachments...
I don't even have time to read my freakin' email, you think I'm gonna read yours?
sic transit gloria mundi
32 MB, 10 free at the moment.
I dunno. I work with someone that has the interests of the customer foremost above everything. It's like he has a crusade to bend over backwards to show the customer that we care. Even to the point of pointing out where faults are in the software instead of simply saying, "we have an issue, and we're working on it." And my current task for getting the requirements for the next build to the real customers is way behind because this fine fellow keeps thinking of things that he thinks that the customer needs. Unfortunately, we're in a small company, and the owner feels that this guy's word is golden (and he's fireproof), plus he keeps promising customers anything that pops into his head, so we never ship on schedule anymore. In fact, we ship when he figures out that not getting the software to the customer is a worse thing than not putting in more features.
DT
Is this thing on? Hello?
You gotta love the way these filters actively point out and emphasize "bad words" in places where nobody would have thought to see them without the filter helping.
My favorite was the chat filter (which had no option to turn it off on the client, naturally) in the MMORPG "Earth & Beyond" which ignored spaces in words in an attempt to defeat people writing "f u c k" and the like.
One of the words on the censored list was "fag." What this meant was, anytime anyone had a word ending in "f" followed by the word "a" followed by a word starting with "g", the letters were replaced by asterisks.
"Anyone know of a guild looking for..." became "Anyone know o* * *uild looking for..." etc.
Naturally, this would result in several WTFs followed by a discussion about "fags," using every other variation for the word that people could possibly think of. "Whoops, I'm sorry, I meant, 'Anyone know ochocolate thiefuild looking for...'" etc.
At my company, they have a service which automatically updates the web filter with new sites to ban, on a daily basis. They can click on what kind of stuff they want blocked - webmail, porn, sports, etc. Since that's pretty much all this company does for it's money, it's pretty thorough.
Fortunately, my company opts just to block webmail and porn, and we're not crappy when it comes to using mail for personal things - I run the e-mail system and I don't care what people use it for as long as they aren't abusing it. (I won't, however, go out of my way to help them recieve a newsletter or something else non-business related. If it works for you, fine, but if not, sorry!)
Some web mails will get through, sure, but the number is very small. All the major and not-so-major web-mail providers are blocked, including most universities and such.
I can't blame them for wanting to do this. We block all executable attachments at the gateway, but we can't control the content of Webmail attachments. We do have virus protection on all workstations and servers can't browse, but there's always a chance that a new virus will come out, before the scanners pick them up, and cause all sorts of shit. We run Windows everything, so it's a valid concern.
- It's not the Macs I hate. It's Digg users. -
What happens if you encrypt/+sign e-mail? (thinking PGP, ...) Using encrypted email with clients does make things a little more secure (or so I thought). But if the companies want to snoop all e-mails, they'll have to ban encrypted email! Either ways, Convincing their employees to use Shared IMAP folders for official mail that others should be aware of, should help them better than such rigorous snooping.
Companies using servers like MS Exchange or Lotus Domino archive all mail, even if they don't employ people to read them. They claim that this helps in archiving and backing up information that can be retreived later. Whatever is done, at least in small/mid-sized companies trusting employees works better.
No Greater Friend, No Greater Enemy! (Lucius Cornelius Sulla)
For those looking for the original analysis, it can be found at http://www.techdirt.com/articles/20050427/0548219_ F.shtml
If you cant protect your own company *before* it gets bad enough to be in a judges lap, then its a bad law.
Its not private email once you step onto the property. Nor should it be treated that way.
There *are* restrictions on who gets to review the documents. You cant just "share with a colleague". ( as it should be ). Normally you cant discuss them with anyone other then the "Human Resources" department.. There is control, its not just a 'free for all'.
Now, once you step OFF the property its not their business and should require at the least a court order.
---- Booth was a patriot ----
If you don't want to see the REST of your freedom go away by 2010, I'd indeed reconsider "making babies".
Seriously, having kids eliminates nearly 100% of your freedom. You literally stop having a life.
I'm of the firm opinion that this planet has enough people already, and it's not really your "duty" to make more. Just enjoy life, travel, have fun.
You don't HAVE to follow "the script"!
Reading some of these posts I realized how fortunate I am to be an I.T. professional having worked in a number of companies, none of which had these draconian rules. Sure, they all had ominous sounding policies, but at least as far as I could tell it was never enforced or made an issue of.
I and many others have brought up the point that management of emails should be no different than management of phone use. My question, is sending a message via a phone, different then sending a message through email? The first thing that comes to mind is that you can point to an email after the message is delivered, it hangs around. Someone brought up the example of an engineer who accidently hit "reply all", shot his mouth off to the clients, and lost a big project for the company. Similar comments would have been damaging in a teleconference, but no one would have had an exact copy of his words to circulate around. Just a thought
Exprit of current law in one small country:
The only reason to study (unanomymised) message identification data for other purposes than resolving technical problems is below:
Note, that it is not allowed to read identification information unless it is matter of fraud. And in no case corporate subscriber is allowed to screen or learn the content of messages. (Virus scanning is allowed in other chapter.)
Joke email weren't included when I tried to calculate the amount of time wasted. The only emails which I used to calculate that number were the replies, which ranged anyware from a single sentence to 5 full (!) paragraphs.
In short, I did it right.
Feed the need: Digitaladdiction.net
"We run Windows everything, so it's a valid concern."
That's very observant.
I can see reasons for blocking unauthorized download, attachments etc. I do not see a reason for them to actively monitor all your messages. This is no different than spying on a phone conversation, or possibly lifting your mail (if you get a personal letter at work, it's still your letter).
How would monitor email have stopped this scenario? You already knew the email was sent, that the sender screwed it for everyone, and it was already sent. Would it have prevented this situation if you'd had open access to his inbox?