Slashdot Mirror
63% Of Corporations Plan To Read Outbound Email
John writes "Aviran's place reports that a recent survey of 332 technology decision-makers at large U.S. companies reveals that more than 63% of corporations with 1,000 or more employees either employ or plan to hire workers to read outbound email, due to growing concern over sensitive information leaving the enterprise through email."
The funny thing is... well, not so much funny as it is disturbing, signing an employment contract.
Remember that signature on that thick paper you've signed prior getting that high paid tech job? The one saying that everything you think of during working hours is theirs? The one that maybe is saying (in some cases) that everything you think on and off during working hours, while employed or 3 years after also belongs to them?
Well, it seems to me, and I might be way off here, that thinking up an email by an employee is in fact his company's property and hence, they have all the rights to read it, and it doesn't breaks anyone's right to privacy.
Can anyone with legal experience enlighten me on this one? Do the bastards have the right to do so, provided that one doesn't sign a document that explicitly states "you can read my email" but instead contains a fine version of "all your bases, off lunch hours, belongs to us?
And it's all going to be done through a goverment agency call the Thought Police.
Next, Telescreens and microphones in every home!
Slashdot = ((Technology + Politics) / Trolls) % Grammar Nazis
All your freedoms are belong to us.
Who do they hire to read the outgoing emails of the people they hired to read outgoing emails?
Go ahead, then explain to the shareholders how much of their money you wasted on nothing.
Seems like just another trick so management can fire people and bring in their own cabinet (brother/friend/etc.)
This is so far ahead of it's time I just don't know what to say...
I can't send more than maybe one or two MB of data through my email.
But I can easily shove a 1GB USB stick up my ass and walk out past the guards.
For that reason, site like Hushmail allow a SSL-secured web-based confidential mail.
*nods head*
This isn't funny as it has resulted in more than one person being terminated because of what was called "inappropriate" material (meaning someone COULD have taken offense to it. Remember...Charlie is Watching!
I'm not a troll, but I play one on Slashdot.
Couldn't one of these readers just "miss" a leak by someone they're working with?
Eh, it'll be us who is doing the monitoring anyway.
I, for one, welcome our new IT-geek overlords.
"... due to growing concern over sensitive information leaving the enterprise through email.""
Psst! Apple is going to switch to Intel processors. Pass it on.
For example if I include the name of one of my company's products plus "bug"/"flaw"/"crash" then I can expect a follow-up scolding from HR. (I found this out the hard way) Course that's cake compared to the other spying and practices that go on.
Get a job checking outbound email for espionage.
Seriously, there are so many ways to get info off computers your best bet is to focus on hiring decent people. Not infallible, just the least bad option.
I bet the same companies that are doing the email snooping have their employees send their username and password as cleartext while checking their email from countries with competent foreign intelligence services.
My corp uses AIM for internal communications, and I am really disturbed by this. I'm amazed the local admins have allowed this to go on. Basically all our conversations are going through AOL's servers and the internet, in plain text. And there is ABSOLUTELY no reason for this, since we're all on the local LAN.
I'm planning on setting up a jabber server on the linux box there, but it may be a chore getting employees to switch from AIM to something like gaim or trillian (does trillian support jabber?)
Interception of someone else's mail or email is illegal in the US. An employer who is committing this type of crime is facing some serious charges. Seems like even a few large companies are in for some major class action lawsuits.
to work for yourself. Being self employed is very hard but rewarding. :)
100% Of Corporations Plan To Read Outbound Slashdot comments.
uh oh.
http://cartome.org/panopticon1.htm
Mistrust is a self feeding phenomenon. If you feel the (irrational) need to spy on your employees you probably should seek psychological counseling. If your need to spy is JUSTIFIED, you should consider firing those employees!
Well, the gut reaction is to say this a bad and terrible thing (also a bit silly, as it seems to me that anyone with any technical know-how would just use internet-based mail to get sneaky anyhow), but really, if you're on their payroll, isn't it well within their right to make sure you're not doing damage to them?
At the very least, it seems like a good way for the companies to weed out the idiots who would be stupid enough to send questional material through their servers.
Yeah, it sucks to be being watched and not trusted like that, but this shouldn't outrage anyone. They'll probably reverse their policies when the costs of something like this start racking up with nothing to show for it.
Or you could use PGP. You know, with gnupg, through something like enigmail.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
..tell them about webmail. They'll NEVER see that coming.
-Valiss
My workplace is one of the many that has a "No camera phone" policy (thankfully not enforced). It really doesn't make any sense. There was a good Dilbert strip that sums it up pretty well.
Join moola.com, play games to earn money.
i refuse to use email at work!
IANAA, however I've been negotiating my own employment contracts for years. I carve out broad exceptions for any work I do offsite, without their equipment, and not under their direct orders. I also include a phrase exempting any pre-existing intellectual property. I also usually strike any anti-whistleblower clauses. So far, none of these changes have ever stopped my employment.
As I recall, the right to privacy applies only when and where one has a reasonable expectation of privacy. If you're in your employer's facility, on their equipment, using software licensed to them and interacting with servers owned by them; you've no more expectation of privacy than you do on a CB channel. Their ability to check your e-mail is roughly analogous to the rules that enable you to record phone calls in your own home if you inform the person who calls that they are being recorded (rule varies from State to State).
As with most draconian Big Brother initiatives this one won't work. What's to stop employees from just logging into a private webmail account over HTTPS and sending information out that way? Unless employers block browser access, search people for USB keys, iPods, floppies etc there's a dozen ways information can be leaked out of a building.
One of these days I'm moving to Theory - everything works there
Having just read everyone's e-mail I know, I would be GREAT for the job. Where do I apply?
Only time will tell whether reading employee email is good or bad for a company.
What's the effect on morale when everyone knows their email is being monitored? It will probably generate resentment, which leads to people selling out to the competition.
And what's to stop someone from saving some piece of information on a USB key, then sending that out by FedEx? Maybe email is the easiest thing to use, but there are lots of other ways to send data.
The more I think about it, the stupider it sounds. I think companies who bother reading outgoing mail will be worse for it.
Raise your children as if you were teaching them to raise your grandchildren, because you are.
From: steve@apple.com
To: paul@intel.com
Subject: Execute Order 66
Dear Paul,
let's do it,
signed
Steve
I guess they have to believe their stuff is worth stealing, doesn't leave you with much if it isn't.
/. . Gotta keep the riffraff out , even if they don't want in.
Sort of like having to prove your human to post on
Really. This wouldn't affect me in any way, because I never use work time for personal business, and I like my boss! He's so clever and intelligent.
hmm... your post is good
Can you give me more information on the "pre-existing intellectual property".
I'll be very interested to hear how you are handling that one.
As if anybody shrewd enough to be stealing corporate secrets (and presumably selling them to the highest bidden?) isn't smart enough to encrypt it, or, god forbid, send it through another mail server.
In the beginning the universe was created. This made a lot of people very angry and is widely considered as a bad move.
It's funny how people object to having their email read by other people but not by machines (like Google's ad engine).
Google should add a mail gateway feature to their yellow search appliance box which would automatically tag suspicous emails.
They should also provide a Web-based GUI which would combine internal analysis with external Google searches (competitors' employees names, etc.) to create a very productive snooping environment.
I can only assume they are looking for accidental information leaks. Obviously anyone interested in sending uncensored email would use Yahoo or Hotmail or something. Or a phone. Or whatever. Anything but corp email. Do they really think this will be useful? Is it really worth losing any good faith between management and employees? Forget about privacy. It seems like bad business.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
Every single work e-mail I send is legitimate.
(as long as I can SSH home and use PINE to send all the personal e-mail I want)
Who really wants to use Outlook anyway?
I already read outgoing mail of all the people at my company I hate...what's a few more?
So the point of offshoring all those jobs...was to free up resources so that we can pay people to do nothing but paw through my communications all day?
Why don't we lock a tape recorder onto a collar on every employee and have the security guard unlock it at the end of the day? That way we don't miss any verbal communications either!
Any program relying on (nontrivial) preemptive multithreading will be buggy.
Heh. Unless they decide to put their computers to task cracking your encryption. It might take awhile, but if you're the only one in a company of thousands with enough know-how to use PGP, they might think your stuff is worth reading.
Tluin natha Linux xxizzuss uriu olt bwael mon'tun.
I bet even ROT13 "encryption" would defeat the corporate censors.
The Internet is full. Go Away!!!
A recent survey of 332 technology decision-makers at large u.s. companies reveals a growing concern over sensitive information leaving the enterprise through email and through USB memory sticks hidden in their employees ass.
In its 2005 study on outbound email security and content issues, email security vendor and ass searching expert Proofpoint found that more than 63% of corporations with 1,000 or more employees either employ or plan to hire workers to read outbound email and search their employees ass when they arrive and leave from work.
Tat Tvam Asi
I travel most of the week for my employer, so I use my business laptop after work hours for personal e-mail. My employer has the right to read everything I do on my laptop (including this comment). I even balance my checkbook on my work laptop - theoretically, my employer could view every purchase I've made for the past several years. That's too freaky.
Where do most companies draw the line? There is serious potential for abuse.
If you don't trust your employer, you make them untrustworthy.
-- these are only opinions and they might not be mine.
http://www.thinkgeek.com/tshirts/frustrations/31fb /
Just use this topic for any personal emails. Me, I don't give a damn if they read email that I type on their computers, if it's that secret, I'll use my lunch hour or wait till I get home to tend to these matters.
From someone who used to work there: eBay does this, too. Not only customer service, but billing, investigations, and a host of other departments use AIM extensively. Of course, they, like everyone else, are a Windows house, so we shouldn't really be surprised that they're so trusting of product-ology.
eBay, are you listening: stop passing sensitive information over the AIM network!
What's your username again?
>*clickety click*
...considering that it was carried out by a company that has a product for scanning outgoing mail...
This is oh-so-wrong on too many levels! One (that's too many.)! There are so many ways for employees to betray a financial or corporate trust. Likewise, there are many ways for an employer to betray a trust. This would, in my opinion, be one of the most onerous with many potential avenues for backfiring.
Consider the disgruntled or dishonest employee. Think they're intent to betray a company is stopped by this policy? Not a chance! This kind of "policy" would only bolster a disgruntled employee's rationalization/justification, etc. to follow through with betrayal. They only need choose some mechanism other than e-mail and there are many.
Now, consider the neutral employee... a policy like this could create a tipping point and generate resentment enough to give cause to consider doing something subversive to a company. After all, the company, by fiat, is essentially assuming an employee is "up to something".
Finally, consider the loyal employee (how many of those will there be after widespread policies like these?)... A quick glance around and loyal employees may begin to wonder what end from loyalty....
No, this is just plain bad policy.
what kind of an idiot leaks confidential information through their corporate email address? at least use a private email account from a non-work computer.
While there's some truth to this, one has to ask the question why employees would leak sensitive info. Could it be because the employees are maltreated, the company isn't doing a good job in selecting hires, or a combination of both? Besides, wouldn't it make more sense to copy sensitive info to a flash drive or CD-R, and just e-mail it from home in the first place?
Slashdot: Playing Favorites Since 1997
One of my employees was telling his girlfriend about it in email, that's where I read it.
I also found out about the testicle he had removed for cancer treatments. Freaky.
Yes, and with a keylogger they will know what you typed anyway... including your secret keys passphrase. Clever plan you got.
"As with most draconian Big Brother initiatives this one won't work. What's to stop employees from just logging into a private webmail account over HTTPS and sending information out that way?"
I got a better question. Are all you trying to slip corporate information out the door, and why? This really is much ado about nothing. Same with them listening in on your phone converstations. And NO, you have little to no expectation of privacy, constitution or not while at work.
I read their mail not the other way around.
Or at least they used to. I worked at Bell Labs in 1997 and one of my co-workers was escorted out of the building by security. He was discussing one of his projects with someone that he went to grad school with via email. It's not like he was selling info to a rival company, but he broke is confidentiality agreement and they fired him.
What's funny about this is that I told him they recorded every keystroke on the UNIX boxes (no one used Windows except for Word and Excel) and that they had a visible and hidden copy of the log file so they could compare. They probably had a third, but I only found the first two.
In today's companies, I find it amusing that they would claim to hire people to sift through outgoing email. My company won't hire people to train internal staff to do their jobs. Instead they pay people to correct the mistakes. It's a joke.
I've had to read peoples' emails when HR asks for emails related to a specific topic (usually legal), and I can tell you it's like washing someone else's laundry: it's voyueristic at first, but after a while, it's just dirty laundry.
Ummm, Jon, aren't you supposed to be dead...? - Otter(3800)
The people who were hired to read the outgoing email of the first group of people hired to read outgoing email have been sacked.
Raise your children as if you were teaching them to raise your grandchildren, because you are.
Elliott Gould had a longish monologue in the Vietnam-era movie Little Murders that could prove useful. Occasionally address the content of your mail to your spies. Sympathize with their boredom and loneliness. Let them know you forgive them and you know they didn't expect to grow up to be mail snoops. Let them know that you are lonely too and rail against the ennui of the two of you placed in this soul-sucking juxtaposition of pointless futility and faceless emptiness. What might life have been and what revelations could be discovered in the sharing of stark truth? But the charade must be maintained and contact cannot be established in the lunchroom or your "special" relationship with them would be shattered and would shatter the corporate structure you are all caught within. Mail regularly on schedule -- and then stop. You may have a sense for how long to maintain the tension. And what story to resume with.
It would be nice to have some observation of your target to see if you are having the desired effect but the ultimate prize would be for them to break cover and beg you to stop for their own well-being.
They outsource that task to India, what else?
So whats the storage capacity. Not excatly on the stick but in relation to the stick.
...will begin reading their incoming e-mail.
My comments are my own, and do not represent the views of my employer, my spouse, my children, or my cats.
and double your fun.
Assuming you can get to Gmail from work (not a given), note how you log in as https://gmail.google.com/stuff but after you enter your username & password, it becomes just http://gmail.google.com/stuff?
Well, here's the trick. Log in normally (not much choice), but after you do, change that http://gmail.google.com/stuff to https://gmail.google.com/stuff again. It'll give you the "loading" crap again, but afterwards, you're using Gmail normally but now it's encrypted.
Assuming they're snooping on you (you should figure this for a given, even if they're not--it's just good habit), now all they've got is the HTML from your inbox. If you're like me and filter all your normal email into various labels and have it "archived" (skip the inbox), they see hardly anything at all.
Yeah, I know. Some are convinced that Google is saving your email for a zillion years (they're not, but deletion is a "lazy" operation, and the computer might not get around to it for a day or two after you actually delete things), but unless you leave it on Google's servers after you need it, you don't have much to worry about. Especially not compared to your employers who probably ARE reading it whether you want to or not.
Sadly, I don't know of any way to do this directly from Hotmail or Yahoo. I guess you can set up a tunneling proxy at home and encrypt the traffic through it, but if you just want to shield your email, what I just said is the easiest way I know of to do it.
[For the clue-impaired, don't try clicking on those links Slashdot insists on making. Just log into Google & look at the URL in the address bar it sends you to.]
This whole abandoning privacy and spying on each other thing is so cool. I can't wait to become an oppressor!
I once worked at a small software firm (50 emplyees) and we "merged" with a larger one. What was once an open workplace of mutual respect quickly became one location of seemingly untrusted drones. The new corporate office demanded a firewall, so they could watch what we visited. They snooped people's Exchange folders. Etc.
It had never occured to me to betray my employer. But when they started treating us as untrustworthy, my fellow admins and I came up with all manner of methods to thwart the security measuress. It helped, of course, that we were privy to those measures, which we were sure to disclose to fellow workers who had no idea.
And you'd better be *really* thorough with that Acceptable Use Policy. :) Sure, you can watch what I visit on the web, but it may only *seem* innocuous. One user on the inside may be sending weird HTTP requests to a legit-looking site. But in reality, those requests are lines of an ASCII armoured PGP file (properly URL-encoded, of course).
I don't care if it's the company email server, on company time, yadda-yadda-yadda. And I don't care if the ream of paper I signed to put food on the table gives them the right to records phone calls, archive email, and takes ownership of portions of my brain -- 'cause they *all* do it these days. It's not outright collusion, but the end result is pretty much the same.
If the company expects me to interrupt home/private time for their beneift, they'd better damned well respect my privacy on the job, because there's little time to tend to personal affairs requiring 9-to-5 services otherwise.
"That badge don't make you right."
Method of processing duck feet
Snail mail.
work for a bank or securities firm? your email is probably already being screened electronically. Trust me, I have installed the software -- quite impressive stuff. they don't care about personal messages, they are sifting for leaks and fraud.
besides, you're at work -- don't use work email for personal contact, duh!!
I would rather just put it in my pocket or backpack ;-)
-- Find the Truth...
Meanwhile, don't mind those people walking off with that case full of tape storing all of your company's sensitive information entirely unencrypted.
It really is disturbing to see how many companies think that becoming a Big Brother figure to their employees is a reasonable or effective substitute for a good---or even any---security policy.
On the other, this just means smaller companies will get better employees who don't want to be drones. That's one of the reasons I started my own - I hate oversight, and am bad at playing employee.
On the gripping hand, ethics are important. And they're hard in large companies. To some extent, if you're a large corp, you need process in place of understood ethics, because the former is enforcable and the latter much less so. I still think the balance tips to small corps. But then, we can't turn out replacement Apple CPUs, so our role is constrained.
I forget what 8 was for.
They don't have to waste much in terms of monetary resources... The companies can simply license Google PigeonRank technology and let pigeons scan the email for leaks. The only cost would be licensing to Google and food for the pigeons, and possibly the computers they peck at if they're not planning on giving them used computers to work with.
I'm the Devil the Windows users warned you about.
I believe it is far simpler than you suggest. You are using their computer and their bandwidth so they have the right to read it. If you want privacy use a computer and bandwidth that you paid for.
Believe or not there are actually at least four different bases on which you could (but probably won't be able to successfully) argue for a right to privacy with regard to email communications sent from work:
(i) The Fourth Amendment to the U.S. Constitution, which reads: "[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures" -- but which only applies toward government action (although some pretty surprising apparently private actions can qualify as "governmental");
(ii) the Electronic Communications Privacy Act (ECPA), which covers email, and prohibits "(1) unauthorized and intentional 'interception' of wire, oral, and electronic communications during the transmission phase, and (2) unauthorized 'accessing' of electronically stored wire or electronic communications." -- but allows exceptions for companies which provide internet service, and does not apply if the employee consents to ECPA violations;
(iii) State statutes, which obviously vary wildly from state to state. The article that I'm using as my primary source notes that " Members of state legislatures have attempted to pass bills that would strengthen the protections of workers against electronic monitoring in the workplace, but they have generally failed because of sustained and effective corporate lobbying." (*mweheheheheh*).
(iv) Common law (which also varies from state to state) which sometimes recognizes an "actionable right to privacy" -- but under different caveats in each state.
Ummm . . . so yah -- it's complicated, so much so in fact that it's an open question in various states whether or not its legal. Also -- not surprisingly -- the legality of the monitoring will often depend on the purpose of monitoring, the purpose of the communication, sometimes even the industry you're working in, etc. Good luck figuring it out -- especially if you signed a (now practically standard) agreement allowing your employer to snoop through your work emails at will.
Generally, when the law is this fuzzy, corps will do whatever is in their best interest, and count on their lawyers being better than your lawyer if you sue. They're generally right. So assume that your workplace email communications are being monitored. We are the point now that it is never a good idea to send via email something you wouldn't mind all your colleagues seeing. Use Yahoo! or Gmail and at least make it a challenge for BigBroCorp to keep tracking of your on the job dicta. Of course, sending risque stuff from your workplace email may be your chance to be famous. Hehe.
Regards,
Moiche
In the healthcare and financial industries, this kind of monitoring is required (as oposed to others where it's just company policy). Regulations, such as hipaa and sarbanes-oxley, require that "resonable and responsible" measures be taken to safeguard information deemed "covered" or "confidential" by those regulations. Working in the healthcare industry, this meens scanning all in- and outbound email for signs of protected health information (PHI). Any instance where PHI is found to be transmitted un-encrypted has to be assessed for the impact and implications of the discoluser of information, and may require being turned over to a hippa advisory board (usualy corporate lawers and top level administration), who in turn descides if legal action need be taken against the offending party. I'm not sure about the specifics of sarbanes-oxley as I'm not in the finacial sector, but from what I've read, it's very similar.
http://www.accelerateglobalwarming.com
A lot of employers block access to gmail, hotmail, msn messenger etc. which leaves people with only one option, company mail.
No, another option is do your personal email at home not at work. When the company is blocking the webmail that might be a clue that they don't want you taking care of your personal business from their computer.
I would also assume none of them have ever been tested. Sure you can negotiate your own contract, but not as easily as striking out anything you don't like. HR doesn't usually have that power. Every employment contract I've ever read stated something to the effect that "my signature signifies acceptance of this document in its entirety, alterations to this contract are not valid without the written authorization of an Officer of the Corporation. No other person is authorized to make binding changes to this agreement".
The people who sacked the people who were hired to read the outgoing email of the first group of people hired to read outgoing email, have been sacked.
Raise your children as if you were teaching them to raise your grandchildren, because you are.
OR it could just be that retards can't keep from clicking on stuff and giving everyone in their address book a virus.
.mac.... that's where I send my personal email...
:)
They don't usually block
And per most company policies (unless you work for some barbarian horde), as long as it doesn't interfere with regular business work, a little personal stuff now and again is okay.
It's the Stay-Puft Marshmallow Man.
Before having a hissy fit, you should realize that controlling the outflow of sensitive information, per the SOX regulations, requires that companies track outbound email to determine if sensitive info / inside info is being sent out electronically.
... ,
If you didnt have to decrypt it
It didnt come from me.
Here in the state of New South Wales, our workplace surveillance laws have just been amended to specifically address this issue. By law, employers are now forbidden from carrying out covert surveillance of their employees, whether by email, phone, video camera, or anything else. They need a court order and a reasonable suspicion of wrongdoing before an employee can be monitored. See the following report from AAP (Australian Associated Press).
NSW: Employers to risk charges for spying on worker's emails
Wednesday, 04 May, 2005
Content provided to you by AAP
SYDNEY, May 4 AAP - Employers who read workers' private emails may soon risk criminal charges with legal safeguards being introduced today by the NSW government.
NSW will be the first Australian state to outlaw unauthorised spying of employees using technologies including video cameras, email and tracking devices with the introduction of the Workplace Surveillance Bill 2005 to state parliament today.
The new laws will make it a criminal offence to take part in any form of covert surveillance unless an employer can prove they had reasonable suspicion of wrong doing by an employee.
"While some employers argue that this is necessary to protect their legitimate interests, employees expect that their private correspondence, like their private telephone calls or private conversations, should never be the subject of secret monitoring," NSW Attorney General Bob Debus said in a statement today.
"We don't tolerate employers unlawfully placing cameras in change rooms and toilets. "Likewise, we should not tolerate unscrupulous employers snooping into the private emails of workers."
The new laws will strike a balance between an employee's right to privacy and the legitimate needs of employers to protect their intellectual and commercial property, he said.
"Unless employers have a court order, they would need to give employees notice that surveillance will be conducted," Mr Debus said.
Are they worried about a bunch of stuff being sent out? Or just ideas? An employee could just send an email detailing a companies plan from their home. Cue thought police. ;) Although this is probably designed to protect against people accidentally leaking secret information. It wouldn't work for corporate spies, who, as previously mentioned, would just stick a USB stick up their butt.
Sometimes it's a regulatory requirement.
I work for a utility company that generates and sells power, and also transmits power. We're required by FERC to record all electronic communications between the generation and marketing side of the house and the transmission side so that FERC can ensure that we're not price-fixing.
There are other examples even within the company I work for; but you can get the idea.
Now, as for hiring people to read outgoing e-mails and IMs as a normal procedure, I'll believe it when I see it. Budgets are tight enough already. It's hard enough to get new labor allocated for real work. I can't imagine spending that money to read people's e-mail.
Hot Damn! It's the Soggy Bottom Boys!
I work for a life insurance company and just wanted to point out that any information systems that contain or have access to EPHI (Electronic Protected Health Information) are bound by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) which specifies in more than one part that measures must be taken to ensure EPHI is kept confidential. This INCLUDES monitoring outgoing e-mail. My company is small, our IT department consist of 4 programmers, a network admin, 2 help desk people, a production operator, 3 business analyst and a manager. We don't want to be bothered with this crap, but we are obligated by law.
Thanks for ruining the movie for me. Well, at least I still don't know whether Anakin will go to the dark side or not.
At my old job, I used to read random lusers' emails that bounced back to postmaster.
I am walking proof that you should encrypt your email. You never know when an unscrupulous person with too much access and a hell of a lot of time on their hands is looking over your digital shoulder.
encryption crypt those private emails, if they want to know whats in it, say none of your god damn business. corperations have this idea that they are the only ones entitled to rights and that signing a piece of paper is the most meaningful thing in the word.
If you mod me down, I will become more powerful than you can imagine....
I keep seeing posts on Craigs List in the "Gigs" sections titled "Get paid to read email" but they are usually deleted by the time I read the the posts through my RSS feed. Maybe this is what these are all about: companies can outsource their email reading to an overseas Asian country, that'll really keep security nice and tight!
We're required by law to read the email of many employees, not to mention their IM conversations and their web traffic...
Major financial inst. USB keys are disabled.
There are many software packages that also take screen captures every few seconds. Not nearly as easy to search through as text, but don't assume that a secure connection is private.
SearchIRC - Now with live chat directory!
"you've no more expectation of privacy than you do on a CB channel."
Might as well go all PsyOps on their corporate asses then.
Have some outside dummy accounts you can send email to. Send messages full of glowing comments re: boss & company, and others that refer to a mysterious dark conspiracy that haunts your past. Something involving genetic experimentation, a mad European scientist, and a mysterious Brazilian clinic.
Then the week before you quit, start sending mysterious messages encoded in pig-Latin.
"The owls-nay are not as they eem-say."
but remember most of these firms are third tier joints employing mouth-breathers, and of course the policy only applies to the lowest subhuman employees...do you think the CFO lets his email get read? nope.
1) Encrypt it
2) Have your signature include a (c)2005
3) and if the break the encryption, they are violating the DMCA. 4) ??? 5)Profit!!!
Watch for Penguins, they eat Apples and throw rocks at Windows.
That's it.. set it up on a system at home and use https to access it. They can't read the email then. Screw-em for trying..
http://www.squirrelmail.org/
=-=-=-=-=-=-=-= - The Celtic - =-=-=-=-=-=-=-=
I use TLS (with authentication) to a remote server.
:D
My boss is well equipped to packet-sniff, however all the email servers I run use TLS...
All I do at work is
a) Not save my email password
b) Tick the 'force' tls option in mozilla.
c) Use imap/ssl
Privacy ++
Any real IT staff should know how to do this anyhow
Anyone stupid enough to be mailing sensitive information using their company email accounts deserves to be busted.
If the corporations decide to start tapping all their employees home phonelines and setting 24/7 surveillance on them, then it would be news.
It strikes me that there is NO WAY for them to detect much more basic forms of industrial espionage -- short of banning all forms of portable recordable media (including magnetic, optical, and flash) and requiring mandatory cavity searches for all inbound and outbound personnel.
Even then, someone would stick a keychain drive in the Blimpie he's bringing in for lunch -- so add x-rays and high-sensitivity metal detectors for all inbound and outbound objects.
At a nuclear plant, security greater than there is at an airport is a good thing; at a software company or a doctor's office, it could cost more than just suing the bastard after a leak.
For that matter, what about webmail? It'd be a lot of work to skim through every website transaction at most any organization where there is Internet access -- again, eating the losses and filing a lawsuit or two if anything happens is probably a lot cheaper than monitoring all Web activity. It's even more complicated if the connection is encrypted.
Spending the company's money on full-time staff to read everyone's e-mail isn't going to do much to keep employees from leaking to competitors or to the press.
Further, whistleblowers can always send something in from home, or do it the old fashioned way with a public telephone. You aren't going to stop employees from going home (excepting the military or anything else where you send them off on remote assignments) or seeking out a payphone after hours -- it's like a mobster who knows he's been wiretapped and thus never uses his line for "family business."
Theres no way my company would do that? Everyone knows how good and honest CEO's are
The AC above has it right.
In fact, it probably is wise to let a reasonable amount of personal email through. That way, the "who is going to pick up milk on the way home?" question takes 1 minute to send, and 1 minute to reply. Compare that with dialing into voicemail, calling back, leaving a voicemail, getting a voicemail back (dialing in again), returning the voicemail
Personally, I know my boss reads all my outgoing email, but because I'm him, I don't really care. Self-employment is the only route to freedom - the taxes suck though.
What changed under Obama? Nothing Good
The person in the HR office is not an officer?
I do recall some manner of law or precedent (in the US) that said that contracts that are administered by someone who, for all appearances, is in a position of appropriate power may still have to be honored by the company, even if that agent of the company was overstepping their power.
Anybody know what I'm talking about? Got a link? It was a long time ago that I heard this.
Information wants to be free.
Entertainment wants to be paid.
You just want to be cheap.
...you read the company's email.
SIGSEGV caught, terminating
wait... not that kind of sig.
Proofpoint has the lamest web site I've seen this year. They run an large piece of javascript called "sniffer2.js", which tries to figure out what browser you're using in great detail. I'm running Mozilla on a QNX system, which puts their "sniffer" in an infinite page reload loop.
In contract law, there is a concept known as 'consideration', which basically means says that each member of a contract has to get something out of it in order for it to be valid. This is why you sometimes hear about very expensive things being sold for a dollar: it is in order to legally distinguish it from a gift.
So in the case of contractual restrictions on an employee after the employment relationship ends, these may not be binding unless the employer provides some consideration, monetary or otherwise, to the employee; ie, legally you gotta pay to play. In some cases non-competition agreements have been found to be non-binding because the former employee was not getting paid to not compete.
While you are employed and being paid is a bit of a grayer area, and most lawyers I know wouldn't make a quick judgement on it, so I won't even try. Here's one link I found discussing contract law and consideration in general.
intelligent users won't catch on immediately and find $0m3 w4y to circumvent being bothered by it, and basic users won't often trip it up and cause general resentment all around.
but didn't the article say they were just checking for corporate data? i mean sure, they will be seeing everything, and an indescreet reader could be any writer's problem, but as has been mentioned before, why would you send personal data via work email?
people are, of course, concerned about privacy. now i am one of those people, ecrypting everything i can, often without cause. but if it's stated that they're hiring people to take care of this, doesn't that mean that A) they have to pay these teams of people, and B) that no company wants to waste money on impractical persuits such as hashing out personal affairs outside the scope of their security efforts?
and anther thing? why the hooplah? companies have been reading employee's email since it was possible to do so. sure, more companies do it now than then simply because A) it's easier B) companies are more aware of security threats such as email leaking of sensetive info, and C) more companies provide email for their employees than ever before.
if this were a new trend, then i'd be right there insisting that the pervue of the investigation be strictly limited to the interception of sensetive info. however, legalistally (in the usa), corporate interests will always outweigh the rights of the individual (because companies have lots of money to buy our "elected" officials, and individuals do not).
so quit pitching a fit. you missed the time to object.
just use common sense. if you want your email to remain private, don't use a medium over which you have no legal claim in the case of its interception and/or misuse. especially if you're emailing trade secrets to your whole address book!
btw, and i'm not sure about this, but if you encrypt an email sent from work that becomes "suspect" in an investigation, wouldn't a subpeona *force* you to provide the key?
If the purpose of this is to prevent data from leaving the company, wouldn't it have to be done within the company? I mean, if they're taking the data and sending it out of the country for them to see if they can find anything questionable in it, isn't that just asking for trouble?
warning: This post is likely to contain gobs of dripping sarcasm. Consume at your own risk.
No, another option is do your personal email at home not at work
Yes this may work for someone who has a normal (40h/week) job but when you are in my position and spending time home basically means get home, goto bed, get up, take a shower and leave for work, you have to cut some slack (or offer an alternative) when someone sends a few personal emails from time to time.
Well... looks like good times are coming for Xerox...
Or what about that little phone with cam in your pocket? That IS personal property... They can't check that.
There is always a way for people to do wrong if they really want to.
Life is not a firewall... You can't just treat everybody as evil.
There is a very dangerous trend going on in corporations and politics. Sure you can invest a lot of money and time and resources in preventing and catching wrong-doers. But when you start invading the 'good' people's privacy and freedom... you are going to far.
A non-disclosure agreement is logical, but if
your boss clearly doesn't trust his/her people, your boss can't expect any respect or trust from them. That is a nasty working environment.
The link went to some sign up form..
Did they ask small businesses? Or were they asking corporate CIO types that are currently in the midst of Sarbanes-Oxley compliance audits?
More government oversight these days, y'know...
2. mutt
Come on. Geek out with me.
Well seems the PHB's are only 20 years behind the security experts. So in 20 years everyone will get a cavity search before leaving the office ;)
P.S. I actually expect them to install scanners like airports are getting.
========
CINC, 4th Penguin Legion
If I can't send an e-mail to my wife from work saying "what do you want me to buy at the grocer's at the way home?", then it's only fair when I ignore anything job-related as soon as I exit the company building. But this is of course absurd, and companies all the time expect people to carry over their work problems into their spare time -- read stuff, talk to people, etc. If it's OK for the employer, it should be also OK to let me send a few private e-mails from work. Otherwise, it's not fair.
"Long run is a misleading guide to current affairs. In the long run we are all dead." (John Maynard Keynes)
wow...so don't work for a company who does it or don't send private e-mails from work. It is there e-mail system, not yours, if you don't like it, those are your options.
On one hand, companies are handing over their balls to some 3rd party company, often oversees, via the process of "outsourcing", but yet they're also reading email from their staff to make sure that they don't give away their corporate balls?
How does this make sense?
I have no problem with your religion until you decide it's reason to deprive others of the truth.
...they were reading e-mail, not web postings right? Unless slashdot has a new mail-to-comment gateway I haven't heard about.
Live today, because you never know what tomorrow brings
In France, the situation is the following: A corporation can anly read emails concerning business. The emails sent from a corporate email account but concerning private matter can not be read. The problem is: how can companies know if an email is a business or a private one ? AFAIK, in France, we often are asked to put a special word (eg: private or personnal) in the title in order to avoid scanning.
le souvenir d'une certaine image n'est que le regret d'un certain instant (M.Proust)
La libertà e la segretezza della corrispondenza e di ogni altra forma di comunicazione sono inviolabili.
La loro limitazione può avvenire soltanto per atto motivato dell'autorità giudiziaria con le garanzie stabilite dalla legge.
Which roughly means:
"Freedom and security of mail and every other communication form are protected.
They can be limitated only with a motivated act of a judge, according to the guarantees fixed by law.
Basically this means that there must be a court order to let somebody see your mail.
Our "Garante per la Privacy", sort of a supervisor over privacy matters, has clarified, and there are judgements backing this, that email (and IM, and faxes, and phone calls, etc.) enjoys the same guarantees as snail mail.
Hence, such a company policy or contract would be illegal in Italy.
Ander
@=
Theres an easy way to get around most of the problems discussed here. At a different computer (or at work, just to spite those bastards, surf over to the Auditor site and download the live CD ISO, and burn it to disk. Reset the computer with the disk in the drive and boot into auditor, thereby circumventing any email readers/IM sniffers/ whatever the hell they have installed on the godforsaken machine. From there, using the lovely built-in firefox, browse on over to https://gmail.google.com, and send your email. Alternatively, log into your favorite IM service with GAIM and shoot all those illegal/secret files to your cohorts outside company property ;). When you boot back into windows, make sure to run something very ram-intensive (or a RAM clearer) to delete any traces from your RAM, and there you have the perfect score. If someone from your IT department notifies your boss that your computer was "off" for a while, just tell your boss you were fixing a problem yourself instead of waiting a couple of hours for those buggers in IT, saving a lot of time and thereby increasing your productivity. Raise is on the way!
"Its a grey area". "How grey?" "Somewhat of a charcoal shade"
However, in a company setting, this is no problem, as the company can easily set up its own certification authority, and install the CA certificate in all its employee's browsers as part of the standard installation procedure.
that in generally any area with available employees who are technically savvy enough to implement this sort of comprehensive "distrust architecture," there will probably also be plenty of friendlier companies who are looking also to hire. Any company who tries to treat me like some sort of one-dimensional work drone gets ditched.
You are describing something called a "man in the middle attack". Easiest way to defeat this one: Download the certificate at home and take this one with you to the company and install it there. If the company has an SSL interceptor, it will surely ring the alarm bells.
It will also ring the alarm bells if the certificate you downloaded at home is tainted by the home ISP's SSL interceptor though. But at least you know that one of your points of entry into the internet is 0wn3d.
Sensitive information via e-mail? Oh, yeah, that is true. I could see people exchanging e-mail plenty of sensitive information, and sending this kind of message through the internet without ANY encryption. I feel that is the main concern of the companies nowadays.
Ronaldo Faria Lima
E-mail:ronaldo@ronaldolima.eti.br
Home page: http://www.ronaldolima.eti.br
Less likely, or do you let your ISP set up your computer for you? The attack is only possible as described if the attacker can somehow install the root CA certifcate of his CA into his victim's browser. That's trivial in a corporate setting, but more difficult for an ISP.
Of couse if you hire special people just to read others mail that's another story, but such system is going to be damn expensive.
In soviet russia outbound mail reads you...
You forgot:
- are there full body searches to find post its?
You can easily write a TON of CC numbers down and put the paper in your shoe and there you go.
s'wut i sed.
37% of us dont care :P
This is absolutely the number one security breach today, actually, and it's internal as external. Oh, you don't have access to that directory on the company's intranet? well, let me just email that document to you...
Companies do need to protect themselves. There's some very interesting development in that area, in fact. http://www.vidius.com/
Strike that out too.
I've actually been paranoid enough to worry about that.
One solution is to click on the padlock every time you connect to verify the cert was not signed by your company. Otherwise, I'm not aware of any easy ways to prevent this...
63%? Who says!
Oh Proofpoint says! A company that is trying to sell their email monitoring products/services.
I imagine that a company that sells a product might want to convince IT managers that using their product is what everyone is doing within the industry. And to convince IT managers, they might want to tailor their survey to greatly up their numbers, and pump the press to get the word out.
This is not an independent study. This is a press release by a company with a vested interest in the marketplace they're reporting within.
Sure, no one likes email monitoring. Let's talk about how Proofpoint is looking to make millions by providing the mechanisms for snooping into your email.
However, if they do, then they must also appreciate that outside of standard working hours I will do nothing for them.
If they aren't willing to accept a small amount of encroachment of personal stuff into work time - then they have absolutely no right to expect any encroachment of work stuff into my personal time.
They can't have it one way without it working the other.
Avantslash - View Slashdot cleanly on your mobile phone.
It seems that companies are incredibly concerned about employees wasting time emailing, when they should be concerned about what those employees are there to do.
If I was running a big company and deadlines were being met I wouldn't care less how many personal emails were happenning. If not, I'd take a look at the numbers and have a quiet 'cool it a bit please' email sent out to culprits.
Naturally you do have to worry about company secrets leaving, but I suspect you'll find that happy, well remunerated employees are less likely to do that than people who have to jump through hoops to send an email.
I work for a big company, and they're very very clockwise. Very concerned about emails, PC lockdowns and that sort of thing. They don't seem terribly bothered with people sitting around talking about football, having long conversations on their phones or other random activities.
And, most of all, they don't seem very concerned at all about what those employees are SUPPOSED to be doing. Miss project deadlines - no worries. Miss extensions - no worries. Just don't send a personal email.
Honestly PHBs - keep your eye on the ball and let your staff work for you. Gestapo tactics will just make you unpopular and decrease morale and productivity.
You know they're going to outsource this. Let the folks in Bangalore try to figure that one out!
Just read evey third word. (Note the "3" below.)Now, if I could only automate the process and have it come out reasonably intelligible.
3You were 80% angel, 10% demon. The rest was hard to explain. - Over The Rhine
"Math in a song is good."-Linford
Those publicly-funded buildings called...public libraries offer free access.
So, for the price of ... zero, they can get all
the internets they want.
Yeah, right.
Company secrets leaking out through email? Hell. 80GB walking out, as per company rules, in my backpack every single day.
If you are a restricted user on your computer, you cant use your USB stick!
So you'll leave your company with a major infection for nothing.
... they're hiring overseas firms to do it. ;-)
Low cost engineering means killing off employee loyalty in search of a better stock price, and then packaging all of your domain knowledge for overseas distribution where you don't even have the advantage of national loyalty to protect it.
Isn't it amazing how they've managed to shift the blame for the USA losing it's technology advantage to the schools?
I used to work for a university in the MBA school. In order to get the best possible professors for our students we had to allow them to do consulting for large companies on the Uni's time as we couldn't afford to pay them what the going market rate was. This practice was regulated in that they could only spend 30% of their time consulting and they couldn't use any of the schools recourses (IE letter heads, websites, secretaries etc..). Now on the face of it this worked well for both parties as we got the best from industry plus the profs got the salary they had come accustom to. However, as human nature would have it, the profs got greedy and started abusing their position and students started to take notice that the very expensive course they had just paid for was suffering. So as IT we were charged with implementing all sorts of monitoring to gather evidence of these facts to weed out bad apples, otherwise the school would go bust and 100's of people would lose their job. The loss of privacy I can live with, the loss of a single mum's job because of a greed fat man I can't. If faced with that decision again, I would make the same choice in a heart beat.
There is also another good reason for this which is not entirely related to sensitive information leaving the company via company email and that is the sexual harasment/bulling. It is necessary to monitor email to limit this kind of activity before it blows up in your face. We recently did a audit of email boxes and found that 60% stored what would be considered (by law in Australia) as a offensive amount of porn that the company could be and would be held laibale for. What was worst was massive internal/external mail groups that were being sent to. I have no problem with porn (of the legal kind) just view it and send it on your own time. No one likes to see you spanking it at your desk!
It said "windows 98 or better" so I installed Linux
While I don't like the idea of my employer snooping on my emails, at least for the nature of the business I work in, I can see how it may make some sense.
For personal emails, though, I can use my Treo 600 and I have complete privacy, from my employer at least, and no issues about crossing the "private use of company internet" boundary.
http://www.spectorsoft.com/
We use their eBlaster product. I'm pretty sure it captures key strokes based on window title hooks, so https won't do anybody any good.
How many employees does it take to write a memo? . .. ...
One to write it, one to analyze it, one to read the keystroke log....
Wise men say, "Forgiveness is divine, but never pay full price for late pizza."
When I was in Cyber-Corp at U of Tulsa (Center for Information Security) getting an MS, a group of undergrads developed an AIM logger for the cyber-crime unit of the Tulsa PD. They get a tap on teh suspects internet connection, and all IM going in and out gets sniffed, then timestamped, hashed, and encrypted for storage and later use in court.
Nifty little system, and they designed it to be plug-in friendly, so they could add chat protocols other than AIM later on.
So, USE ENCRYPTION to avoid getting sniffed.
With the first link, the chain is forged.
Because companies don't have anything else to worry about?
Install a PGP client on your office computer. Get a friend to do the same and share your public keys.
Encrypt a few messages and send them back and forth using your company e-mail.
Watch them squeel when they can't read your e-mail.
What's that they fired you? For what? Because they couldn't read your e-mail?
Take them to court and sue the bastards for wrongful dismissal. They would have to prove that you leaked company information...if that was their basis for firing you.
Anyone using someone else's communications technology should not expect their communications to be private from the owner of the technology. This includes phone, email, SMS, etc. I take it for granted that if I'm on the phone with someone there may be a lineman down the block testing the phone lines and may overhear part of my conversation. I don't believe my employer is currently reading my email, but I totally believe in their right to do so.
The only reason there aren't more employers monitoring email is simply due to a lack of manower to do it.
Bottom line: never assume privacy. Only assume better privacy by actively employing measures yourself. (pgp etc) And of course if you're using pgp on on your employer's computer, isn't that a major false sense of security? (if it's not owned by you, consider it 0wn3d)
I work for the Department of Redundancy Department.
These guys seem to have a service that lets you archive and search your regular email offsite; sounds like something that would let managers do just that kind of thing.
>>>"I'm not being glib."
Who else read that as "g-lib"?
Encrypted mail passing through corporate servers is immediately suspect. If I'm in charge of an installation and I see an employee encrypting his email, I will want to know why.
Paranoia cuts both ways.
They don't suck really any more than they suck working for someone else.
Set yourself up an "S" corporation...work corp to corp...and only pay yourself a portion of the bill rate as 'salary'...only this portion is subject to SE taxes (FICA, Medicare..etc). The salary has to be 'reasonable'. For an example...you bill for $100/hr. Pay yourself a salary of only $40/hr. That $40/hr is subject to SE taxation, the other $60/hr is not....and it comes in on your personal taxes as is....
You just gotta play the game, but, you can get around a lot of taxes by being self employed...write off tons of business expenses...even cars, percentage of home and utilities if a home office...there are a lot of benefits to it. Just gotta make sure you keep the contracts coming in regularly...
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Don't forget to go to Preferences > Security > SSL > Extra SSL3/TLS and enable the following cipher first:
(X) No encryption with RSA authentication and SHA1 MAC
Then disable all the other less-secure ciphers. This will make your https connections super secure!!
(Despite my sarcasm, it's important to realize that https doesn't automatically mean secure. You need to make sure you negotiated good algorithms, that you trust the server certificate, and that the issuer of that certificate was not your own company's CA set up to run an https proxy).
I just wanted to be complete. :) Of course such a scenario is less likely.
Otherwise, it's not fair.
Fairness has a price, like everything else in a free market economy.
"Provided by the management for your protection."
It's a good thing then that all my personal internet traffic is securely proxied over my SSH tunnel from my workstation at work to my SQUID at home.
All this so that I have a piece of mind when I outbid some Joe Schmoe in Idaho for a piece half eatten toast touched by Justin Timberlake.... omg...
Horray for mindterm, ssh, and SQUID.
Three letters. P-G-P
Crack my 4096 bit key, go ahead
Karma means nothing to me, so suck it...
....you don't have a right of privacy in the workplace (in the US at least). Obviously, you have an expectation of privacy in the company bathroom while your takin a dump, but thats about it in a workplace environment. In most states, an employer can search through an employees desk if they wish. Why not outgoing e-mail too? Even if your company doesn't read your e-mail, your company's lawyers might. Why? During litigation, relevent documents have to be turned over to the other side. How is it determined if these documents are responsive to subpeonas and discovery requests? Lawyers read them. Let me tell ya, there is nothing like 500 lawyers laughing about your latest one nite stand with Misty the Office Slut...right before they forward the email to the personnel office to review for review as a sexual harrassment case...... My advice? Don't do personal e-mail at work. Use your own cellphone or blackberry or whatever.
Really? So according to you, we should all screw each other at every occasion? This is not my idea of a society.
"Long run is a misleading guide to current affairs. In the long run we are all dead." (John Maynard Keynes)
Not to be a drone or anything but at work you should be working, not reading/sending non-business-related email. Oh wait, what am I doing posting on Slashdot?
--
http://unk1911.blogspot.com/
the increase in people reading private emails at work and they'll be an update on the Slashdot story on email adiction.
Or it is a clue that you should get another job, with a more sane management, ASAP.
Throughout this thread, I've been thinking; what's up with you americans, who let your society (government + private companies) restrict such a great part of your time so much?
My employer trusts me to do my work, and doesn't try to sneak into what I'm doing. Why should they do otherwize? Trusted employees are usually happier employees, and happier employees are usually better employees. On the other hand, I've only worked for SME:s...
--The knowledge that you are an idiot, is what distinguishes you from one.
When the company is blocking the webmail that might be a clue that they don't want you taking care of your personal business from their computer.
/. on our dime either. Get back to work!
Dear AHumbleOpinion:
We don't want you reading
We will be watching you.
Sincerely,
Corporate HQ
Why don't they just ask the NSA to check their employees e-mail for sensitive information, they already read everybodys email anyway.
Actually they don't have to cut you any slack at all. Bottom line is if you use the company car/break room/gym/mail server/cell phone for personal stuff and they decide to fire you for it they're well within their rights.
Maybe what we need is a 60 hour a week job ;-)
we see things not as as they are, but as we are.
-- anais nin
neener neener neener.
we see things not as as they are, but as we are.
-- anais nin
Anyone who assumes otherwise is a fool. Even at a small shop we monitored email for keywords and logged all AIM and Yahoo IM traffic leaving the network. This annoyed a lot of people, but those were mostly people who used their work-issued laptop as their only computer (for home and work) which is foolish to do anyhow (if you were to be fired or to quit, do you really want the company to have a laptop full of your browsing history and personal documents?)
;-)
Privacy concern, yea, but it IS the corporate's network and their computer.
Of course, I regularly PGP encrypt personal emails and tunnel all web/im traffic over an SSH tunnel to a proxy at my home so I suppose it's a little hypocritical to say I don't care
I guess my point is, I would never keep personal information on a work machine, and I see anyone who does as doing an inherently foolish thing.
Any joe blow can set up their own email server and easily spoof an email address from any domain. Hence the reason I keep on getting emails from bill@microsoft.com telling me of his success with penis enlargement pills that are now on sale for only 19.99 while supplies last... Atleast, I hope that is a spoof...
1, 2, 3, 4, 5... That's the combination on my luggage!
I'm surprised not to have seen this brought up already, though I admit to only scanning through the comments so far. But let me get this straight: Companies are concerned about the people they employ who have access to sensitive information leaking that information to outside entities who are not authorized to receive it. So they hire more employees and give them access to this information. And they prevent these new employees from leaking the information how exactly? Do they intend to hire even more employees to keep watch over them?
How to keep a secret, lesson one: don't tell anyone.
Yeah, it sucks to be being watched and not trusted like that, but this shouldn't outrage anyone.
/end rant
I have to disagree. The company is trusting you with their livelihood in a lot of ways- presumably, you're doing something needed for them to continue to operate every time you sit down at your desk. If you fucked up in your normal work, you would hurt them. They better trust you.
If a company is afraid that you will do damage to them, they should fire you.
The reason for this is simple- if I were determined to do damage to a company I worked for, I could find a way to do it. As you say, I could use web-based email. Or a USB thumb drive. Or steganographically hide this year's worth of source code in some vacation pictures.
The reason I'm opposed to this idea- and outraged- is that its basically insulting. If the management really feels like they need to be looking over your shoulder all the time, they're acknowledging two things. One, that they're idiots who dont know how to hire trustworthy people. And two, that you're probably an idiot and have to be watched.
Noone wants to be treated like a child. I think this is one of those situations where treating people like theives turns everyone into theives. You're going to create an environment hostile to management because the employees will know that management thinks they're too stupid to trust.
Are they going to start following employees into the bathroom, too? Can't allow damage to the company's plumbing! Perhaps they'll sift through stools to screen out employees with bad diets- health insurance costs big $, you know!
Eh, sorry if that came out antagonistic. I think you have a fairly sensible viewpoint, but I personally find the idea of rolling over to idiot management disgusting. Nothing personal to you. =)
It's not what you know, or even who you know- It's how many people recognize your damn
"Bigger" people than you have "gone down" for sending an email they thought was private.
A rticle.a spx?type=internetNews&storyID=2005-05-20T164453Z_0 1_EIC060235_RTRIDST_0_OUKIN-FINANCIAL-MORGANSTANLE Y-PERELMAN-EMAILS.XML>
/ 2496.htm >
y /politic al-scandal/iran-contra/>
t r/article s/2002dltr0002.html>
Four big names:
Morgan Stanley (the firm):
<URL:http://today.reuters.co.uk/news/news
Gotta save those emails, or you might be dirty-dealing....
Bill Gates:
<URL:http://www.usdoj.gov/atr/cases/f2400
DOJ calls Gates on his internal emails.
Ollie North:
<URL:http://www.rotten.com/library/histor
Tower Commission reports Ollie discussed weapons sales through "private back channel" of White House email system.
"Little Nicky" Scarfo:
<URL:http://www.law.duke.edu/journals/dl
Mobster Scarfo subject to warantless (under wiretap definitions) keystroke-logger, as his email was encrypted.
Your privacy is only important to you. It is encumbent on you to enforce the degree of privacy you wish to retain. Your employer has a minefield to navigate in data retention (i.e. Arthur Anderson's document retention policy, and the recent Supreme Court findings), but that does not mean that you are not being monitored.
This sounds really lame, but ultimately makes sense - some old advice I read in Phrack comes to mind: <b>"Consider how you would explain your actions (as evidenced through your employer's email system) to a jury."</b>
If you do just that, you'll be ahead of all those guys listed above...
The concept of a free market is absurd. Don't buy into the bullshit.
Modern cell phones let you read and write Emails without ever touching a company computer. It's great stuff--give it a try.
In which case you are screwed anyways, because they would know what you typed in hushmail.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
This thread seems like old news: my old firm did R&D for government agencies on using artificial intelligence to track most of the interactions occuring on a computer by a user. Using statistical and natural language understanding methods, you can estimate things such as "the user is sending social security numbers as email attachments". The research led to several prototypes, and the prototype for examining users emails, messenger sessions, socket traffic, etc. should be publically available with the finished contract.
Itewray itway inway igpay atinlay?
a right in the US. ref. 4th Amendment.i vacy.htm
Also, http://usinfo.state.gov/products/pubs/rightsof/pr
Of course, just because a right exists, doesn't mean it's honored by our government. Amazingly enough, the link given above points to an official US government site.
"National Security is the chief cause of national insecurity." - Celine's First Law
I don't think so. But, some kind of automated scanning would be helpful.
Too many times this is done by accident. Someone does a "reply all" and attaches an internal document, without realizing that external names are on the CC list.
Personally, I'd be grateful for some kind of app that would warn me when I'm about to do something, and so would most of the people I know.
As for the potential for getting someone in trouble for a racy joke... well, when in doubt, hit the "cancel" button.
No offense taken at all, excellent post!
...but will they check the _fax_?
Concidering that a large percentage of all Corporations are absolutelly the wrong place to be. ...) and corporate uglyness.
/. is a familly place, so I leave it to your imaginations, you ;-)))
:-))
And since there is a strong corelation between abusive "Work place Rules" (acceptable use,
Reading the AU document is a good indication if you want to work there or not.
Of course it also means that you have to join or create an Union if you are allready working somewhere, and they jump such an AU policy on you.
And that you have to make sure that the law forces Corporations to clearly define what level of privacy they give you.
And make sure that the bad guy do not use the bogymen to "force" the corporations to become spooky.
(Because of all those pedophiliac drug dealing terrorist helping companies, any company that has such content on its email servers can get a slap on its CEO's wrist, so of course the company needs to check your underwears just in case you got a kinky USB enabled pair of socks (or other pieces of clothing, but
Of course it means that you have to "work" on your rights, not accept that the only way to create "collective actions" is the corporation, but remember that a system only works with check and balances.
Well nobody ever said it would be easy (or they where trying to sell you something
Corporate profits are reported to be rising rising rising. All time highs, actually. So are you anticipating a big pension and early retirement or working past 65 looking for work while big business automates the most mundane repetitious details?
Well, if you want your company to contribute to decreased unemployment, just generate tons of emails. All in the line of duty of course. Ask for prices or customer service. Make cold calls. Thank your customers and offer new services. Courageous staffers might start their own spam server.
How much email can upper management scrutinize? They're going to have to hire retirees trying to pad their savings. It's a service to the community and the economy. Business will benefit by dint of new corporate policy.
I suppose the upside might be sheer volume of data could allow you to slip personal stuff through as long as you can hide it from automated scanners.
Know your pads. One time pad: good for cryptography. Two timing pad: where to take your mistress.
I have nipples. Can you milk me?
Sheesh.
>Why does the janitor need public email and internet? Why does the secretary? Why the middle manager? I've done consulting work where I've saved the company a lot of money by pointing this out.
Oh, you are priceless.
Why would a janitor ever need to get information on a cleaning compound to see if it is the best and safest choice for use indoors? What, you say, all cleaning compounds are safe? Really???
Why would a secretary ever need to look up an email address? Does she (I imagine they are all she, in your little world) even need a telephone? Maybe a pay phone would suffice!
Why would the middle manager ever need to communicate via email?
Gosh. I wonder.