Slashdot Mirror
One-Third Of Companies Monitoring Email
dotpavan writes "While studies have shown that spying on workers tends to make them less productive, that hasn't stopped approximately 1/3 of all U.S. companies from employing email monitoring tools. 43% of those companies employ staff to check outgoing emails. This seems like quite a waste. While there are some times when it makes sense to monitor emails (or it's required by law), most of the time, this seems like a complete waste of money. Not only are you upsetting workers and decreasing productivity, the benefits are pretty hard to spot. The number of "problem" emails tends to be incredibly low. If someone really wants to send out inappropriate emails, they're going to figure out some other way to do so, such as via a free webmail account somewhere. Yet, the companies are buying up expensive tools and hiring staff to watch just in case they catch the one or two problematic emails that go over the corporate network."
Does that count companies like mine, that once bounced email back to me because I described a process as "sucking up all the CPU time", only to be told that 'suck' or 'sucking' is not allowed in our email?
fire up your browser and use your gmail acc.
"First they ignore you, then they laugh at you, then they attack you, then you win." -- Mahatma Gandhi
You wouldn't consider hiring folks to monitor e-mail if your firm suffered public embarrassment or lost business due to leaked information. While I agree that it is sad that employers don't feel that they can trust their employees, I honestly cannot blame them.
Until some moron starts harassing his ex-girlfriend from his work account and you company gets sued for umpteen million dollars. Then it would've made a lot of sense!
You not lose the case, but the lawyer fees would probably make the monitoring look very attractive.
Also, haven't you worked with at least one person dumb enough to try to mail out the company's source code or mail out resumes from their work account? I know I have.
Agile Artisans
Is here: http://www.infoworld.com/article/04/12/02/HNmanage rsmisuse_1.html?source=rss&url=http://www.infoworl d.com/article/04/12/02/HNmanagersmisuse_1.html/
At the magazine I edit, many of the department email address forward to me before they go to the department editors. Part of the reason is that some of the department editors can be, shall we say, less than diplomatic when dealing with incorrigible readers. Part of my job is to ensure that exchanges do not become denigrating or insulting, and to avoid lawsuits.
Ignorance is curable, stupid is forever.
What I find interesting is the distinction between email and phone use. It's illegal in many states -- may even be federal law for all I know -- to listen in on employee phone communication. Why doesn't email deserve this same protection?
I mean seriously, it is THERE email servers/system.
It's company resources - you are employed by them, for them.
is that you can legally get access to the sent and recieved email of graduate students, faculty, and staff at state runs schools under some open information act. Yeah, it's happened in my department.
When your company is liable for the one or two problematic emails to the tune of millions of pounds, it starts to seem slightly less silly.
I worked for a company that was developing a software product for a single large customer. This customer is a very large technology company that had various factions in it that were for or against our product.
My boss who was the engineering VP had told everyone repeatedly to be very careful about the kind of emails to send to them.
The email that killed us was a "reply all" to a thread announcing that a build of our product that was available for evaluation. An engineer hit "reply all" and then proceeded to write a highly negative diatribe about the build. The reason why he did that was he was upset that he hadn't had time to put in a fix for some particular hardware configurations. Of course, we had months of development left in the project and his fix would have been in the next build. However, he did not state this very precisely, nor did he consider his audience.
The folks who did not like our product (because they percieved it to be a threat to their political power within the company) used his email to convince the CEO of the customer company to cancel our project.
I was in an "Oh Shit" meeting the next day with our CEO and the rest of senior management. Our CEO stated that he wanted to throw the engineer who sent the email off the roof of our building (which is maybe 25 floors). Ultimately this email lead to the layoff off of 130 out of 150 employees during the middle of the resession (November 2001) and ultimately the company limped along for another year before folding. Fortunately for me, I was positioned exactly right (politically) to be able to stay, but a lot of really good people lost jobs at the worst possible time.
If that email had *not* been sent, we might have hung on long enough to ship the product. If that had happened, it would have meant that the people in the "customer" company would havee been promoted, our company would have made some money and maybe been acquired. I'd probably still be working there.
That said, I have no problem with companies monitoring email.
Avoid Missing Ball for High Score
The people who are hired to "spy" on their fellow co-workers are generally looking for those types of violations and if somewhere in the middle someone is sending out porn, or using their employment at a prestigious company for ulterior motives, or any other myriad of the violations of common (or clearly stated at the time of your hire) corporate network use and they get caught, well... the flour sifter has caught a few more flies.
Despite the fact that we all work with them or are them, from the top tiers of management and from the shareholders viewpoint those violators are not the types of employees that you want to employ or want on the payroll.
Companies tent to benefit from firing these people because they show to their employees and clients that they are there to do business and just business.
If this was about ISP or the government spying on an individuals emails, then that would be a valid case and cause to rally the troops of the revolution, but when you are using someone elses network, someone elses resources, and being paid not to...well I don't really see the cause for concern.
Let's keep in mind that patents are in place to keep lawyers employed and keep them litigating. -CatGrep
let's say employee X seends an email saying how much he hates minority group A, or how Secretary B should really be dating him if she wants to get ahead. Lawsuit city. Now, the resonable thing to do is sue the person who committed the crime. The profitable thing to do is sue the corporation, who then has to go out of it's way to prove they were doing something to prevent this kind of behavior.
Moreover, with all the top heavy companies these days, all those managers have to find something to do with their time. You can only implement so many inane policies before the well runs dry.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
To be pedantic, in my opinion the problem is the 2/3 of companies that aren't monitoring e-mail. Corporate law holds companies liable for e-mail from any networking assets they own, so it does actually seem sane to monitor and restrict.
The solution becomes obvious; if you want to send personal e-mail from work that might violate slander laws, threaten to assassinate the president, or contains childporn, send it via your own machine. I for one make sure that during working hours, all my personal e-mail goes via my Gentoo Linux boxen at home. Then it is no longer your employer's problem, by strict interpretation of the Corporate Communications Act of 2002.
"While studies have shown that spying on workers tends to make them less productive, that hasn't stopped approximately 1/3 of all U.S. companies from employing email monitoring tools. 43% of those companies employ staff to check outgoing emails.
The "study" referenced does not address eletronic monitoring of employees.
The paper is about trusting employees to work from home and other "remote" locations. Evidently, Microsoft doesn't feel that employers should feel the need to physically watch over their employees - perhaps because remote office work could be beneficial to Microsoft's bottom line.
To claim that this paper is an academic study referring to the negative aspects of corporate electronic monitoring is way off base. Instead, it smells like a Microsoft whitepaper promoting Microsoft products within UK employees' homes.
Using the same analogy that its not important is like not having a security guard at the front desk.. "well its only 1% of buildings that get broken into". Why have fire detection systems? So few places burn to the ground its just a "waste of time and money"
It only takes one bad mail to kill a company. Either via leaving you liable or trade secrets, or even outright fraud.. Its not just about lost productivity of employees playing around with email instead of working. Need to change your 'its unfair' mindset. Its a business and you are being paid to work, it does not have to be fair.
---- Booth was a patriot ----
How do they enforce webmail ban?
Sure, they can ban well-known webmail hosts, but with just about every ISP and university having web mail, that's a very long list.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
carry around a copy of putty on a usb drive. if you're using a windoze machine at work, insert the usb drive, fire up putty, and secure shell to a machine that will allow you to send as much email as you please.
this also assumes that you have shell access somewhere. but don't we all?
of course they could go ape shit and block port 25 on you.
nature loves variety::society hates it get your variety at http://www.monkeypantz.net
My own personal belief is that this stems from resource control. Companies pay their employees for the time and they pay service providers for the connection and that meny gets wasted when people are not doing their jobs and the resources are being used for personal gain. I know it seems like a small thing but it probably stems from an "all of nothing" policy.
In addition, as someone earlier pointed out in an earlier post, the company may also be shielding itself from litigation if one staff member is creating an intolerable environment through any of the usual vehicles (racism, sexism, sexual harassment, etc.) and while the instigator is the cause they are not a good source monetary gain whereas the company is and it is fairly easy to convince a jury the company was negligent. Additionally, what happens if an employee shows up on RIAA/MPAA's radar?
The expectation is that companies are be omnicient and omnipresent in regards to their staff's activities even though it is not realistic.
The main issue I have with this is that companies do not even *tell* their employees which to me ought to be illegal. When I worked for a system integrator/support agency there was a client who would monitor e-mails and refused to inform his employees. So my co-worker who was their regular support rep would sit down with new employees and during account creation would inform them of the monitoring.
How companies handle it leaves much to be desired too. Another coworker from that system integrator I used to work for has a brilliant strategy for how companies should deal with net abuse - simply drag the offender in, put the fear of god into them, and then let word of the infraction spread. It generally worked too because after one company put that into practice, abuse of the internet connection ceased. Every so often someone would test and see if the company dropped its gaurd and the process repeats itself.
Anonymous Cowards generally receive no replies because you're a coward and I'm a bitch
I don't know about you, but it's important to me to be treated as a professional. There are expectations on me that are strictly and entirely limited to my job. The rest of it, as far as I'm concerned, is none of anyone's damn business.
On top of this, it's also been my experience that wasting time and resources on monitoring your empoyees email is the kind of low-rent activity that "managers" engage in when they can't actually think of anything usefull or productive to do. Maybe they teach this in Business school, instead of that elective in ethics that no one has time for anymore.
Whenever unions are brought up on Slashdot, they're usually in the context of low wages or long hours.
But here's another prime example of where some kind of union could prevent this kind of invasion of privacy (and waste of money). But without any kind of organization that can negotiate on the behalf of the employees, most workers just have to take it.
Now before the Libertarians get their briefs in a bunch, no, a corporation has no legal responsibility to respect the freedom of speech of it's employees. Yes, employees are free to find another job. But sometimes those excuses just aren't good enough.
"The folks who did not like our product (because they percieved it to be a threat to their political power within the company) used his email to convince the CEO of the customer company to cancel our project."
:), and they will use their own spin on every "fact" that they can. Trying to put blame on the poor guy/gal that sent a poorly thought-out e-mail rather than the evil people that scuttled the deal doesn't seem right.
Errr.... Yay team!???
This more or less indicates that your company had bigger problems than that e-mail. If people who want to destroy the company are in a position to do so, they will. Blaming a nasty, ugly situation on one person seems to disregard the fact that there were a number of people, and a fair amount of time invested in pushing the big red self-destruct button for your company.
Your post seems to blame the person without considering that there were a lot of other contributors to the situation than just this one person.
There are egomoniacal jerks with waaay more influence than is healthy in pretty much every company (at least in my experience
"Yet, the companies are buying up expensive tools and hiring staff to watch just in case they catch the one or two problematic emails that go over the corporate network."
I've worked for companies under investigation by the SEC for inappropriate behavior. Sometimes "one or two" emails is all it takes to break the law and cause a company's stock to plummet.
My current company 'buys up expensive tools' and 'hires extra staff' to run backups on the network, just in case one or two problematic hard drive failures occur. Why is it ok to monitor company hardware but not ok to monitor company communications?
IMHO, companies should not actively monitor, but they should keep a "paper" trail for a certain amount of time. I am against active monitoring, but if a problem arises it is crucial to have history to refer to. My company keeps email records for contractors only, but doesn't waste the resources (or ethical capital) to examine them. However, at least once it has proven invaluable. We once caught a contractor stealing trade secrets and transmitting them to a cohort via email. He probably would have gotten away with it otherwise.
A friend of mine used to work in the IT department of a major casino. Apparently all casinos have a huge database of everyone that plays, what they play, how often, etc.. This database is highly valuable to other casinos. I've heard that rival casinos will pay 10-20k for it.
So someone with access to it is about to sell it. Naturally all the email filters are in place and she was smart enough not to try that. So she figured she would just print it out and walk out with it. She got caught, however, when she called the IT department because the print server crashed. Apparently, sending a 10,000 page document to a print server doesn't quite work as well as one might hope.
----
Squirrel
that hasn't stopped approximately 1/3 of all U.S. companies from employing email monitoring tools.
Why not link to the source for your source (login)? The ITFacts.biz story got it wrong anyway: "33% of US companies monitor employees' e-mail" is wrong--the direct quote was "Almost 33 percent of 140 North American businesses..." You and ITFacts were off wrt the number and the sample. Oh, and the Tribune article was merely a syndicated column, using data from a nearly year-old study. Not exactly news. Where did I find that out? Look, it's ITFacts.biz! Yep, TFA was a double post.
Let's continue because we are not done fixing your post:
43% of those companies employ staff to check outgoing emails.
Wrong. It's "more than 43%" of companies with over 20,000 employees (not 43% of monitoring companies), according to the study. The one-third figure expands the sample to include all companies.
It is also worth noting that the study in question was sponsored by ProofPoint, which in fact sells monitoring software. So you could say that Forrester had a financial interest in high-balling the figure (which it appears they did, with all this "almost 33%" business).
Do your personal stuff at home. If you don't like that, quit, or just wait to get fired for cause.
Any company would be foolish NOT to implement some sort of email monitoring or archival. Why?
1) Liability. If something is sent by company equipment, by a company employee, it becomes the companys responsibility. At my current employer, we had a customer service rep go rogue and send a nasty, racist email to a customer via yahoo mail, using our equipment. We narrowly escaped a lawsuit by doing some serious sucking up. thankfully, we kept logs of all web based activity and were able to prove who it was and fire their ass in a quick and apparantly pleasing manner (to the victim at least).
2) Productivity. Believe it or not, but email can be used to do some serious slacking off. At my previous employer, I was asked to implement an email monitoring system and figure out precisely how much time was wasted by the employees. The worst offender was found to have 48% non work related emails by volume. That translated into approximately 2 hours of wasted time PER DAY.
3) Theft. I have been witness to two attempts at theft using email. The first one, we had insufficient evidence. The second one however was nailed inside of 2 hours. She was stealing confidential customer lists on behalf of the former sales manager who, unbeknownest to me, was having an illicit extramarital affair with her. If there was no monitoring, she would have gotten away with it.
The lack of any real world knowledge or experience is quite apparant in the person who submitted this story. Email monitoring is, unfortunately, a necessary evil. HAving said that, I would like to emphasize that I am talking about MONITORING, and not BLOCKING. Using word filters is dumb. Its better for them to send it and catch them after the fact than to prevent them from sending it in the first place. Better for them (the ones likely to abuse company resources) to think they can get away with it and nail their ass, then to force them to get all sneaky and find ways around the monitoring.
Feed the need: Digitaladdiction.net
Well seems like the slashdot crowd havent heard about the recent NZ police porn scandal (which has been a huge deal in the media!)
3 00,00.html
l
Streaming video of news: http://www.xtra.co.nz/streaming/0,,10550-4309851-
txt: http://xtramsn.co.nz/news/0,,11981-4311659,00.htm
"A police audit has found that about 20 percent of email capacity was taken up with pornographic images, and 300 officers are under investigation for having pornography on work computers. "
now, perhaps monitoring software could have at least prevented the email exchange of porn, would have made it a whole lot less embarrassing for the police!
What privacy ?
You are AT work on the COMPANY OWNED premises, using computers owned BY THE COMPANY, being paid to ONLY produce. ( unless you have a job that pays you to not do anything.. )
If you want privacy, go home where you have that right. But dont expect it at the office, as you DONT have that right. Pretty simple.
---- Booth was a patriot ----
I went to an orientation once for a big contracting firm and one of the managers had what I thought was a great way for everyone to think about using email at the office.
In a nutshell, he said people should think of using a company PC the way they already think about using a company office phone.
Nobody minds an occasional call( now email ) to take care of a small personal issue, but people do care if they spend if you spend all day on the phone ( email ).
By the same token, people in most jobs do not expect their office line to be tapped and the contents monitored.
There's a small possibility
Dude, doing something like that is going to show up soooo easily on the systems I use to monitor the various firewalls at our perimeter. It is very likely that I do not even have the ports/protocols opened that you need to connect to your home system from your desk at work.
If I caught you purposely building a tunnel to your home PC (which then provides an avenue for worms on your home machine to attack the corporate network), you would not be employed much longer.
If you have a high-paying job that you love, I'd go easy on the "I'm building a secret VPN tunnel to my home network" thing. If you are just a peon and you can get another $10/hr job the same day they fire you, then ignore what I said above.
-s
Exprit of current law in one small country:
The only reason to study (unanomymised) message identification data for other purposes than resolving technical problems is below:
Note, that it is not allowed to read identification information unless it is matter of fraud. And in no case corporate subscriber is allowed to screen or learn the content of messages. (Virus scanning is allowed in other chapter.)