Slashdot Mirror

← Back to Stories (view on slashdot.org)

One-Third Of Companies Monitoring Email

Posted by timothy on from the good-thing-it's-the-weekend dept.

dotpavan writes "While studies have shown that spying on workers tends to make them less productive, that hasn't stopped approximately 1/3 of all U.S. companies from employing email monitoring tools. 43% of those companies employ staff to check outgoing emails. This seems like quite a waste. While there are some times when it makes sense to monitor emails (or it's required by law), most of the time, this seems like a complete waste of money. Not only are you upsetting workers and decreasing productivity, the benefits are pretty hard to spot. The number of "problem" emails tends to be incredibly low. If someone really wants to send out inappropriate emails, they're going to figure out some other way to do so, such as via a free webmail account somewhere. Yet, the companies are buying up expensive tools and hiring staff to watch just in case they catch the one or two problematic emails that go over the corporate network."

28 of 373 comments (clear)

  1. so what? by lanc · · Score: 2, Insightful


    fire up your browser and use your gmail acc.

    --
    "First they ignore you, then they laugh at you, then they attack you, then you win." -- Mahatma Gandhi
    1. Re:so what? by Anonymous Coward · · Score: 1, Insightful

      Except I doubt the corporate firewall can decrypt SSL fast enough to check what's attached to my webmail, much less what the content is.

      While I no longer think that my squirrelmail webmail service protected by SSL (yes, the whole site is SSL-protected, not just the login page) will keep my government out, I am fairly certain that my employer still can't decrypt on-the-fly.

      I setup SSL-protected access to my mail because my employer has no right to my personal business.

      In this day and age, everyone is connected and it is impossible to live your life without access to personal communication - this means being able to call your spouse and ask if the insurance payment has been made, e-mail your sister to tell her that your flight is coming in at three o'clock, can she please pick you up? All kinds of things that can't necessarily be completed after-hours, but CAN be done through a couple of e-mails while sitting at your desk performing other tasks.

      The point is, life cannot be lived without personal communication. I believe I don't have to give up access to my personal life to my employer. Or else I need another employer.

    2. Re:so what? by Anonymous+Luddite · · Score: 4, Insightful


      My company has restrictive policies as well. we aggressively monitor systems use, external phone calls, email and internet traffic. I can tell you they're worried about the wrong thing:

      USB drives are what the babysitters should be shitting themselves over. How many companies have a huge list of staff in engineering and other sensitive areas with have local admin rights?. plug, play, cut, paste and you could see hundred sensitive documents go to your competition.

      Lift a gigabyte of restricted documents no one will notice, but send an email with a rude word in it and you get counselled for "unnaceptable" conduct.

      security concious? no. righteous and moral? yes. wrong focus for a business, I think.

      --
      http://request-header.info
  2. A waste? by dhakbar · · Score: 5, Insightful

    You wouldn't consider hiring folks to monitor e-mail if your firm suffered public embarrassment or lost business due to leaked information. While I agree that it is sad that employers don't feel that they can trust their employees, I honestly cannot blame them.

    1. Re:A waste? by kfg · · Score: 5, Insightful

      This isn't about leaked information. Anyone who wishes to leak information has multiple avenues to do so quite easily, given that they have access to the information in the first place.

      Their own brains being the most obvious means. Notebooks and copy machines being others.

      No, this is primarily about "hostile work environment" and sexual harrassment lawsuits and such like, with a healty dose of rigid heirarchical control syndrome (formerly known as Overseers Disease, formerly known as "Asshole Boss") thrown in for good measure.

      KFG

  3. Waste of time? by jarich · · Score: 2, Insightful
    This seems like quite a waste

    Until some moron starts harassing his ex-girlfriend from his work account and you company gets sued for umpteen million dollars. Then it would've made a lot of sense!

    You not lose the case, but the lawyer fees would probably make the monitoring look very attractive.

    Also, haven't you worked with at least one person dumb enough to try to mail out the company's source code or mail out resumes from their work account? I know I have.

    --
    Agile Artisans
    1. Re:Waste of time? by Meshach · · Score: 5, Insightful
      I don't really care about what "makes sense" from a company's point of view, when the result is a restriction of my free speech.

      How is it your free speech to use your company's bandwidth and server time to send emails?

      You can go home and do whatever you want on your own machine. When your working you are on the company payroll so if they don't like what you are doing you should stop.

      Free speech is an important right but it has nothing to do with this discussion
      --
      "Maybe this world is another planet's hell"
      Aldous Huxley
  4. Telephone versus Email by Henry+V+.009 · · Score: 5, Insightful

    What I find interesting is the distinction between email and phone use. It's illegal in many states -- may even be federal law for all I know -- to listen in on employee phone communication. Why doesn't email deserve this same protection?

  5. Hmm...surprised the number isn't higher... by caino59 · · Score: 2, Insightful

    I mean seriously, it is THERE email servers/system.

    It's company resources - you are employed by them, for them.

  6. Re:Automatic or manual? by Criffer · · Score: 5, Insightful

    As if sucking is a swear word. Hell, I suck lollipops all the time!

    And what about the word 'hell'. Well, coming from a Christian activism group, that's a valid word. Or chicken farmers talking about cocks. What's next? People called Richard being unable to use their abbreviated name? One Linux distro forum site censors the word "documentation" as "do***mentation".

    Censorship is stupid. Automatic censorship more so.

  7. Productivity? by oniony · · Score: 1, Insightful

    How does monitoring employees' email make them less productive? All of the monitoring products I've come across work transparently as a feature of the mail server.

    --

    Powered by onion juice.

  8. Re:So what? #2 by Anonymous Coward · · Score: 1, Insightful

    "So quit your job if they're dicks" is not exactly an option to many people, if they be raising families and have other mouths to feed than their own.

    Despite popular opinion not everyone here at slashdot is living in their mom's basement. Sure, you can quit any job if you are. Not an option to many. Responsibilty - heavy concept, huh? Grow up.

  9. liability issues by dspacemonkey · · Score: 5, Insightful

    When your company is liable for the one or two problematic emails to the tune of millions of pounds, it starts to seem slightly less silly.

  10. Re:So what? #2 by Anonymous Coward · · Score: 1, Insightful

    So leave that firm.

    I'd have more reservations about working for a company that doesn't ban webmail than I would about working for a company that monitors email.

  11. Biased much or is this just misplaced paranoia? by Clinoti · · Score: 2, Insightful
    There are a lot of applications and environments that require any means of communication, storage, and media to be monitored. The three headed deity of Espionage: International, Industrial and Corporate, demand that you do so.

    The people who are hired to "spy" on their fellow co-workers are generally looking for those types of violations and if somewhere in the middle someone is sending out porn, or using their employment at a prestigious company for ulterior motives, or any other myriad of the violations of common (or clearly stated at the time of your hire) corporate network use and they get caught, well... the flour sifter has caught a few more flies.

    Despite the fact that we all work with them or are them, from the top tiers of management and from the shareholders viewpoint those violators are not the types of employees that you want to employ or want on the payroll.

    Companies tent to benefit from firing these people because they show to their employees and clients that they are there to do business and just business.

    If this was about ISP or the government spying on an individuals emails, then that would be a valid case and cause to rally the troops of the revolution, but when you are using someone elses network, someone elses resources, and being paid not to...well I don't really see the cause for concern.

    --

    Let's keep in mind that patents are in place to keep lawyers employed and keep them litigating. -CatGrep

  12. Liability, and how to avoid it by Anonymous Coward · · Score: 2, Insightful

    To be pedantic, in my opinion the problem is the 2/3 of companies that aren't monitoring e-mail. Corporate law holds companies liable for e-mail from any networking assets they own, so it does actually seem sane to monitor and restrict.
    The solution becomes obvious; if you want to send personal e-mail from work that might violate slander laws, threaten to assassinate the president, or contains childporn, send it via your own machine. I for one make sure that during working hours, all my personal e-mail goes via my Gentoo Linux boxen at home. Then it is no longer your employer's problem, by strict interpretation of the Corporate Communications Act of 2002.

  13. Only takes once. by nurb432 · · Score: 2, Insightful

    Using the same analogy that its not important is like not having a security guard at the front desk.. "well its only 1% of buildings that get broken into". Why have fire detection systems? So few places burn to the ground its just a "waste of time and money"

    It only takes one bad mail to kill a company. Either via leaving you liable or trade secrets, or even outright fraud.. Its not just about lost productivity of employees playing around with email instead of working. Need to change your 'its unfair' mindset. Its a business and you are being paid to work, it does not have to be fair.

    --
    ---- Booth was a patriot ----
  14. how do they enforce this? by davidwr · · Score: 2, Insightful

    How do they enforce webmail ban?
    Sure, they can ban well-known webmail hosts, but with just about every ISP and university having web mail, that's a very long list.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  15. It's a Necessary Evil by JenovaSynthesis · · Score: 2, Insightful

    My own personal belief is that this stems from resource control. Companies pay their employees for the time and they pay service providers for the connection and that meny gets wasted when people are not doing their jobs and the resources are being used for personal gain. I know it seems like a small thing but it probably stems from an "all of nothing" policy.

    In addition, as someone earlier pointed out in an earlier post, the company may also be shielding itself from litigation if one staff member is creating an intolerable environment through any of the usual vehicles (racism, sexism, sexual harassment, etc.) and while the instigator is the cause they are not a good source monetary gain whereas the company is and it is fairly easy to convince a jury the company was negligent. Additionally, what happens if an employee shows up on RIAA/MPAA's radar?

    The expectation is that companies are be omnicient and omnipresent in regards to their staff's activities even though it is not realistic.

    The main issue I have with this is that companies do not even *tell* their employees which to me ought to be illegal. When I worked for a system integrator/support agency there was a client who would monitor e-mails and refused to inform his employees. So my co-worker who was their regular support rep would sit down with new employees and during account creation would inform them of the monitoring.

    How companies handle it leaves much to be desired too. Another coworker from that system integrator I used to work for has a brilliant strategy for how companies should deal with net abuse - simply drag the offender in, put the fear of god into them, and then let word of the infraction spread. It generally worked too because after one company put that into practice, abuse of the internet connection ceased. Every so often someone would test and see if the company dropped its gaurd and the process repeats itself.

    --
    Anonymous Cowards generally receive no replies because you're a coward and I'm a bitch :)
  16. Moral priorities by sbenj · · Score: 2, Insightful
    Many people have noted here already that there are legal implications, and perhaps practical reasons why one might want to monitor. I think there's another dimension to this entirely. Putting aside entirely the question of whether or not an employer has the legal right to monitor your email (and given that legal rights can often be purchased by large enough economic players, e.g. Credit card companies & the recent bankruptcy law changes, so I don't take them as a usefull guideline to what is or is not moral behavior) or the question of whether or not it might be useful for your employer to do so (that is, whether it's a reasonable conclusion that they might get something out of montioring you) there's this horrible sense I get that more and more the people we work for treat us as property. To me this sounds an awful lot like people who work in walmart having their bathroom breaks monitored. Isn't there something just, .. just wrong with our becoming accustomed to this idea that the organization we work for is justified in doing anything to us that's not strictly illegal?

    I don't know about you, but it's important to me to be treated as a professional. There are expectations on me that are strictly and entirely limited to my job. The rest of it, as far as I'm concerned, is none of anyone's damn business.

    On top of this, it's also been my experience that wasting time and resources on monitoring your empoyees email is the kind of low-rent activity that "managers" engage in when they can't actually think of anything usefull or productive to do. Maybe they teach this in Business school, instead of that elective in ethics that no one has time for anymore.

  17. Corporate culture by Anonymous Coward · · Score: 3, Insightful

    "The folks who did not like our product (because they percieved it to be a threat to their political power within the company) used his email to convince the CEO of the customer company to cancel our project."

    Errr.... Yay team!???

    This more or less indicates that your company had bigger problems than that e-mail. If people who want to destroy the company are in a position to do so, they will. Blaming a nasty, ugly situation on one person seems to disregard the fact that there were a number of people, and a fair amount of time invested in pushing the big red self-destruct button for your company.

    Your post seems to blame the person without considering that there were a lot of other contributors to the situation than just this one person.

    There are egomoniacal jerks with waaay more influence than is healthy in pretty much every company (at least in my experience :), and they will use their own spin on every "fact" that they can. Trying to put blame on the poor guy/gal that sent a poorly thought-out e-mail rather than the evil people that scuttled the deal doesn't seem right.

  18. Re:A single email killed my startup by mbaciarello · · Score: 2, Insightful

    I wonder how human filtering can be effectively implemented at this level - an automated system being useless in these circumstances.

    The human filter for this case would have had to know all about the company's policy regarding communications with its client, plus a good deal about the application being developed. Multiply this by N times in large companies with multiple projects and clients. Throw in cases where a client's liaisons can/need to know about problems in development...

    Furthermore, there's always the chance of misreading or misinterpreting a message, or pressing the wrong button, or not noticing that a client's address is in the Cc: header, as I guess was the case here...

  19. It's not that cut and dry by jerkychew · · Score: 3, Insightful

    "Yet, the companies are buying up expensive tools and hiring staff to watch just in case they catch the one or two problematic emails that go over the corporate network."

    I've worked for companies under investigation by the SEC for inappropriate behavior. Sometimes "one or two" emails is all it takes to break the law and cause a company's stock to plummet.

    My current company 'buys up expensive tools' and 'hires extra staff' to run backups on the network, just in case one or two problematic hard drive failures occur. Why is it ok to monitor company hardware but not ok to monitor company communications?

  20. Re:Mea Culpa by Corpus_Callosum · · Score: 2, Insightful
    At the magazine I edit, many of the department email address forward to me before they go to the department editors. Part of the reason is that some of the department editors can be, shall we say, less than diplomatic when dealing with incorrigible readers. Part of my job is to ensure that exchanges do not become denigrating or insulting, and to avoid lawsuits.
    When dealing with customers or other company related correspondence, having multiple eyes on the correspondence makes good sense for exactly that reason.

    I think this entire issue is somewhat confused. Let's face it, corporate email is for company business. People shouldn't be using it for personal matters. It should be considered an advantage for a company to ensure that it's correspondence with the outside world meets with expectations. For these reasons, it is clearly beneficial in for corporations to have open email policys (e.g. all corporate correspondence is subject to review). But the company should make it clear to employees that the reason such a policy exists is to ensure quality correspondence with the outside world and that it is okay to use non-company email at work for personal correspondence, which will not be monitored.

    If you want to send a dirty joke to your girlfriend, use yahoo mail, not your corporate email address. Besides not having to worry about your privacy being violated, you will be doing your employer a favor; It reflects poorly on your employer to have that crap bouncing around the Internet with their name attached to it.
    --
    The reason that it can be true that 1+1 > 2 is that very peculiar nonzero value of the + operator
  21. NZ Police (email) porn scandal! by jubalj · · Score: 2, Insightful

    Well seems like the slashdot crowd havent heard about the recent NZ police porn scandal (which has been a huge deal in the media!)

    Streaming video of news: http://www.xtra.co.nz/streaming/0,,10550-4309851-3 00,00.html

    txt: http://xtramsn.co.nz/news/0,,11981-4311659,00.html

    "A police audit has found that about 20 percent of email capacity was taken up with pornographic images, and 300 officers are under investigation for having pornography on work computers. "

    now, perhaps monitoring software could have at least prevented the email exchange of porn, would have made it a whole lot less embarrassing for the police!

  22. Re:Automatic or manual? by Cipster · · Score: 2, Insightful

    You are stupid for doing what you did. If they had ever caught you they could have done all kinds of things to you like charge you with crimes, put this on your permanent school record etc. DO NOT TELL THEM ANYTHING. Just don't fuck around on networks you do not own it could seriously mess up your future. Being branded a hacker and criminal could seriously impact your ability to go to college, get a job etc.

    Once you decided to mess around on their network your window of opportunity of "being honest" has closed. Now it's best to STFU, move on and consider yourself lucky you did not get busted.
    Oh and dont try the same stuff at whatever college you go to they may not have such clueless admins.

  23. Re:A single email killed my startup by Corpus_Callosum · · Score: 2, Insightful

    The customer who killed your project already had it in for you. They were going to get it killed no matter what, at any expense. Don't be so quick to point your finger, just because they used someone's email as a convenient excuse.

    If it wasn't that email, it would have been a different one or it would have been an article in Wall Street journal or a discussion of the weather or whatever.

    My point is, the reason they killed the project clearly has nothing to do with the email and it is terrible for you, knowing this, to blame the poor guy who complained about the build. For christsake, he is just doing his job. If anything, whoever granted access for the customers to be on the build-mailing list should be fired as that is a clear breach of practice (to provide politically minded business people in the customer organization with access to engineering build reports and whatnot).

    When someone will use anything as an excuse to kill a project, any imperfection will result in project termination. This means that everything must run PERFECTLY in order to continue. Are you going to blame the first person that makes a mistake for screwing up and destroying the company and 130 jobs?

    No amount of email filtering or censorship would have stopped this. The only thing that would have [stopped this email event] is preventing the customer from being on the list to begin with. But even if that was done, the customer would have found a different way to kill the project - it was already decided and was inevitable, someone else just would have been the patsy.

    Personally, I feel bad for the engineer that almost got dropped off the building. Sounds like he got blamed for mistakes that can only be attributed to incompetent management (Having 130 jobs depend on one project, providing your enemies with access to engineering build reports, finger pointing, etc..)

    --
    The reason that it can be true that 1+1 > 2 is that very peculiar nonzero value of the + operator
  24. It should be like phone use by beforewisdom · · Score: 3, Insightful

    I went to an orientation once for a big contracting firm and one of the managers had what I thought was a great way for everyone to think about using email at the office.

    In a nutshell, he said people should think of using a company PC the way they already think about using a company office phone.

    Nobody minds an occasional call( now email ) to take care of a small personal issue, but people do care if they spend if you spend all day on the phone ( email ).

    By the same token, people in most jobs do not expect their office line to be tapped and the contents monitored.