Slashdot Mirror
63% Of Corporations Plan To Read Outbound Email
John writes "Aviran's place reports that a recent survey of 332 technology decision-makers at large U.S. companies reveals that more than 63% of corporations with 1,000 or more employees either employ or plan to hire workers to read outbound email, due to growing concern over sensitive information leaving the enterprise through email."
This isn't funny as it has resulted in more than one person being terminated because of what was called "inappropriate" material (meaning someone COULD have taken offense to it. Remember...Charlie is Watching!
I'm not a troll, but I play one on Slashdot.
My corp uses AIM for internal communications, and I am really disturbed by this. I'm amazed the local admins have allowed this to go on. Basically all our conversations are going through AOL's servers and the internet, in plain text. And there is ABSOLUTELY no reason for this, since we're all on the local LAN.
I'm planning on setting up a jabber server on the linux box there, but it may be a chore getting employees to switch from AIM to something like gaim or trillian (does trillian support jabber?)
Nope, you are getting it all wrong, imagine the following: "And by this, my dear shareholders, our development team will know that their email is read, thus, reducing the time they spend on writing non-work related emails to minimum... and..." :) Management 101 = "everything is magic"
Well, it seems to me, and I might be way off here, that thinking up an email by an employee is in fact his company's property and hence, they have all the rights to read it, and it doesn't breaks anyone's right to privacy.
Email is considered company property, but people have gotten a little miffed because work and home tend to mix some. (No worries. It's natural as long as you keep it under control and under wraps.)
The part that amazes me these days is that people bother to send personal email through their work address when perfectly good webmail clients exist (*cough*gmail*cough*). Yes, your employer can probably see that you're surfing Gmail/Hotmail/Yahoo/Home *nix Server. However, your email is not likely to be captured by their system, and remains private.
So, why do people still use work for private mail?
Javascript + Nintendo DSi = DSiCade
You are using company resources. They can do whatever the hell the want.
Well, the gut reaction is to say this a bad and terrible thing (also a bit silly, as it seems to me that anyone with any technical know-how would just use internet-based mail to get sneaky anyhow), but really, if you're on their payroll, isn't it well within their right to make sure you're not doing damage to them?
At the very least, it seems like a good way for the companies to weed out the idiots who would be stupid enough to send questional material through their servers.
Yeah, it sucks to be being watched and not trusted like that, but this shouldn't outrage anyone. They'll probably reverse their policies when the costs of something like this start racking up with nothing to show for it.
As with most draconian Big Brother initiatives this one won't work. What's to stop employees from just logging into a private webmail account over HTTPS and sending information out that way? Unless employers block browser access, search people for USB keys, iPods, floppies etc there's a dozen ways information can be leaked out of a building.
One of these days I'm moving to Theory - everything works there
IANA Lawyer... but I'm not sure you could afford one to solve this kind of issue for you. It seems to me that question here should not be "what is their legal rights" so much as "what are my technical capabilites". Assuming you have internet access at work, the best answer may not be to challenge their capabilites but to simply use encryption. If you have access to gmail, use it for your personal mail. If you're not into that, setup an SSH tunneling service so that you can pipe your mail out encrypted.
IMHO, I try my very best not to use my work mail for anything that is not directly related to work... that way when I see an alert in Tbird saying I have new mail, I know it;s important, if I have time to burn I browse to gmail (or my personal webmail server)... both of which are encrypted.
Make sure everyone's vote counts: Verified Voting
I think I may be playing Devil's advocate here, but I don't really have a problem with the companies reading their employee's email. Your work email address is for just that - work. These emails are written on company time and they are on the company network. I'm sure there is an AUP for the company network; they aren't hiding the fact that they can read your emails. In short, don't waste time with personal emails at work and don't send out company secrets through email. Isn't that unethical anyway? Keith
And you base this on a company wanting to control a medium that it pays for and that it is, in today's litigious climate, liable for? Given that lawsuits today seem to include "every e-mail mentioning X" as a standard discovery item, why would any company want to open itself up to this kind of liability. To look at it in another light, if you're going to be held accountable (legally) for anything downloaded from your home internet connection, would you really want to keep that home wireless network wide open? This is ass-covering 101.
Sorry, but if you don't want your e-mail (or websurfing, or other internet habits) monitored, don't do them from a host that isn't under your complete control. How hard is that to understand?
I bet even ROT13 "encryption" would defeat the corporate censors.
The Internet is full. Go Away!!!
...considering that it was carried out by a company that has a product for scanning outgoing mail...
This is oh-so-wrong on too many levels! One (that's too many.)! There are so many ways for employees to betray a financial or corporate trust. Likewise, there are many ways for an employer to betray a trust. This would, in my opinion, be one of the most onerous with many potential avenues for backfiring.
Consider the disgruntled or dishonest employee. Think they're intent to betray a company is stopped by this policy? Not a chance! This kind of "policy" would only bolster a disgruntled employee's rationalization/justification, etc. to follow through with betrayal. They only need choose some mechanism other than e-mail and there are many.
Now, consider the neutral employee... a policy like this could create a tipping point and generate resentment enough to give cause to consider doing something subversive to a company. After all, the company, by fiat, is essentially assuming an employee is "up to something".
Finally, consider the loyal employee (how many of those will there be after widespread policies like these?)... A quick glance around and loyal employees may begin to wonder what end from loyalty....
No, this is just plain bad policy.
A lot of employers block access to gmail, hotmail, msn messenger etc. which leaves people with only one option, company mail.
:-P
Also, when you say email is company property, I understand the technical principle that the bits and bytes are on the company owned servers but it's still a form of communication and people should have the right to a little privacy. When I talk on the company phone (or even company paid cell for that matter), I do not expect someone to be listening to my every conversation. This is becoming ridiculous, my employer pays me to do a job and I do it. He shouldn't have the right to ear, see and read everything I do in the company office because he's afraid I may leak private information. Where will we have to draw the line between the company's right to corporate secrecy and its employees' right to privacy? Heck! who's watching me at night in case I may talk to a friend or a relative about some secret company ploy?
Finally, to answer your last question, I use company mail because it's the only thing I can use and I spend over 60 hours a week there
"However, your email is not likely to be captured by their system, and remains private."
While Yahoo does support optional SSL, and I have no experience with Hotmail, I have never seen an SSL 'padlock' icon on Gmail. So the messages you read and send on Gmail appear to be transmitted in plaintext, and would thus be easy for the sysadmin to read.
DRM 'manages access' in the same way that a prison 'manages freedom'
I'll explain to my shareholders why I wasted $50 or so thousand a year paying an employee or two to check email.
And while I'm doing that, you can explain to your shareholders why the company lost millions of dollars on a new product because someone inside the company sent company secrets to a competitor.
Or you can explain to the shareholders why the company is now paying a multimillion dollar settlement for sexual harrassment via an employee's email.
Paying someone to read email is vastly cheaper than the alternatives. If you drive 20 years without an accident, do you consider the insurance payments you made to be "wasted"?
In addition, employers don't need another trick to sack an employee. Unless you signed a very unusual contract, or you are an empoyee that is covered by a union, your employer can already fire you because the sky is blue, the grass is green, or they didn't like the color of your socks last Tuesday. Most tech employees are hired "at will". They can be fired just as easily.
Finally, as far as privacy issues go, you have no privacy on work place computers. The company owns the hardware and software and pays for the power to run it, you don't. And in the United States, there are multiple Supreme Court rulings to back that up.
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
Indeed! Especially when you've probably signed an employee contract allowing them to do that.
Signature.
" However, your email is not likely to be captured by their system, and remains private."
At that point, does it matter to the parent corp as much? One of the dangerous things about having a corporate email address is that it ties you to that corp. Imagine the difference between recieving 'leaked' specs of Nintendo's next system from a Hotmail address. Then imagine that same email from Nintendo.com. The problem isn't just privacy, it's that with that address you are a voice for the company.
My company doesn't play games like that with email, but if it did, I think their biggest worry is that I'd run around telling our customers they have free copies of our software.
On a side note: Is Slashdot broken, or am I being punished? "It's been 42 minutes since you last successfully posted a comment"
"Derp de derp."
This is why employers ought to let a reasonable amount of personal email usuage. The time spent going outside to use a cell is going to be a lot longer that a quickie email. I can understand why employers wouldn't want employees messing around on company time, but everyone knows everyone does it from time to time. You can bet your last penny even the bosses have spent personal time on the company clock. I know this because I've been on both sides.
A reasonable person would realize that draconian systems cause much more waste than rational limits ever do. The problem is, computers are very easy to monitor so they end up getting all the focus of nosey bosses. Employees are smart enough to get around this, though it takes more time out of their day. Excessive monitoring is a loss for everyone.
What changed under Obama? Nothing Good
If I can't send an e-mail to my wife from work saying "what do you want me to buy at the grocer's at the way home?", then it's only fair when I ignore anything job-related as soon as I exit the company building. But this is of course absurd, and companies all the time expect people to carry over their work problems into their spare time -- read stuff, talk to people, etc. If it's OK for the employer, it should be also OK to let me send a few private e-mails from work. Otherwise, it's not fair.
"Long run is a misleading guide to current affairs. In the long run we are all dead." (John Maynard Keynes)
Less likely, or do you let your ISP set up your computer for you? The attack is only possible as described if the attacker can somehow install the root CA certifcate of his CA into his victim's browser. That's trivial in a corporate setting, but more difficult for an ISP.
And then Google get to read, index, and (at a later date) profit from your emails...
:)
Personally I've set up SquirrelMail on my little home server and am busy working out how to get it to work in https mode only.
That's got the advantage that it too is web based but it's (hopefully) private to boot (my sysadmin incompetence not withstanding
Having said that I do have a gmail account but I have every expectation that a future Google will become a.n.other corporation and all their current concerns about privacy will be slowly eroded "to enhance our customer experience whilst maximising shareholder value" etc. etc.
Sky subscribers are morons. They pay to be advertised at !
This is what I don't get about management in general. Employees have a job to do. They either do it well or they don't. But that's not good enough for some. It creates an atmosphere of some employees acting busy when they aren't, and a poor long term working environment. Managers that want to squeeze blood from a turnip will find that micro-analysing employee's time does not lead to greater long-term productivity. If your company has the resources to read every email you send to make sure YOU are being productive then they have got their priorities messed up. Measure employees on how well they do their job not on what % of time worked is work related. I'd rather have intelligent people that are happy with their work environment. Ones that execute their duties swiftly and accurately with ample room to breath between than a US Postal worker who ALWAYS works but takes 10 minutes to walk from the freeking counter to the freeking package drop off, back to the freeking counter while there are 50 customers waiting in line.
Where was I? Oh yeah, I think this is an IT learning curve for management too paranoid to keep their eye on ball.