Slashdot Mirror
63% Of Corporations Plan To Read Outbound Email
John writes "Aviran's place reports that a recent survey of 332 technology decision-makers at large U.S. companies reveals that more than 63% of corporations with 1,000 or more employees either employ or plan to hire workers to read outbound email, due to growing concern over sensitive information leaving the enterprise through email."
The funny thing is... well, not so much funny as it is disturbing, signing an employment contract.
Remember that signature on that thick paper you've signed prior getting that high paid tech job? The one saying that everything you think of during working hours is theirs? The one that maybe is saying (in some cases) that everything you think on and off during working hours, while employed or 3 years after also belongs to them?
Well, it seems to me, and I might be way off here, that thinking up an email by an employee is in fact his company's property and hence, they have all the rights to read it, and it doesn't breaks anyone's right to privacy.
Can anyone with legal experience enlighten me on this one? Do the bastards have the right to do so, provided that one doesn't sign a document that explicitly states "you can read my email" but instead contains a fine version of "all your bases, off lunch hours, belongs to us?
Who do they hire to read the outgoing emails of the people they hired to read outgoing emails?
This is so far ahead of it's time I just don't know what to say...
I can't send more than maybe one or two MB of data through my email.
But I can easily shove a 1GB USB stick up my ass and walk out past the guards.
For example if I include the name of one of my company's products plus "bug"/"flaw"/"crash" then I can expect a follow-up scolding from HR. (I found this out the hard way) Course that's cake compared to the other spying and practices that go on.
My corp uses AIM for internal communications, and I am really disturbed by this. I'm amazed the local admins have allowed this to go on. Basically all our conversations are going through AOL's servers and the internet, in plain text. And there is ABSOLUTELY no reason for this, since we're all on the local LAN.
I'm planning on setting up a jabber server on the linux box there, but it may be a chore getting employees to switch from AIM to something like gaim or trillian (does trillian support jabber?)
Nope, you are getting it all wrong, imagine the following: "And by this, my dear shareholders, our development team will know that their email is read, thus, reducing the time they spend on writing non-work related emails to minimum... and..." :) Management 101 = "everything is magic"
From: steve@apple.com
To: paul@intel.com
Subject: Execute Order 66
Dear Paul,
let's do it,
signed
Steve
Really. This wouldn't affect me in any way, because I never use work time for personal business, and I like my boss! He's so clever and intelligent.
A recent survey of 332 technology decision-makers at large u.s. companies reveals a growing concern over sensitive information leaving the enterprise through email and through USB memory sticks hidden in their employees ass.
In its 2005 study on outbound email security and content issues, email security vendor and ass searching expert Proofpoint found that more than 63% of corporations with 1,000 or more employees either employ or plan to hire workers to read outbound email and search their employees ass when they arrive and leave from work.
Tat Tvam Asi
>What's to stop employees from just logging into a private webmail account over HTTPS and sending information out that way?
Keystroke logging.
So if you're an employee who values privacy and wants to send a bit of private personal email once in a while on your personal web mail account (say, gmail), the only way to retain that privacy is to either do all that mail through a cell phone, or install an OS that the IT people don't have a keystroke logger for. Where I work all our computers have the corporate spyware installed from day one. To have privacy, you have to find some obscure Unix distro (Red Hat isn't obscure enough; they have that covered too) and use it.
This is oh-so-wrong on too many levels! One (that's too many.)! There are so many ways for employees to betray a financial or corporate trust. Likewise, there are many ways for an employer to betray a trust. This would, in my opinion, be one of the most onerous with many potential avenues for backfiring.
Consider the disgruntled or dishonest employee. Think they're intent to betray a company is stopped by this policy? Not a chance! This kind of "policy" would only bolster a disgruntled employee's rationalization/justification, etc. to follow through with betrayal. They only need choose some mechanism other than e-mail and there are many.
Now, consider the neutral employee... a policy like this could create a tipping point and generate resentment enough to give cause to consider doing something subversive to a company. After all, the company, by fiat, is essentially assuming an employee is "up to something".
Finally, consider the loyal employee (how many of those will there be after widespread policies like these?)... A quick glance around and loyal employees may begin to wonder what end from loyalty....
No, this is just plain bad policy.
The people who were hired to read the outgoing email of the first group of people hired to read outgoing email have been sacked.
Raise your children as if you were teaching them to raise your grandchildren, because you are.
...will begin reading their incoming e-mail.
My comments are my own, and do not represent the views of my employer, my spouse, my children, or my cats.
I once worked at a small software firm (50 emplyees) and we "merged" with a larger one. What was once an open workplace of mutual respect quickly became one location of seemingly untrusted drones. The new corporate office demanded a firewall, so they could watch what we visited. They snooped people's Exchange folders. Etc.
It had never occured to me to betray my employer. But when they started treating us as untrustworthy, my fellow admins and I came up with all manner of methods to thwart the security measuress. It helped, of course, that we were privy to those measures, which we were sure to disclose to fellow workers who had no idea.
And you'd better be *really* thorough with that Acceptable Use Policy. :) Sure, you can watch what I visit on the web, but it may only *seem* innocuous. One user on the inside may be sending weird HTTP requests to a legit-looking site. But in reality, those requests are lines of an ASCII armoured PGP file (properly URL-encoded, of course).
I don't care if it's the company email server, on company time, yadda-yadda-yadda. And I don't care if the ream of paper I signed to put food on the table gives them the right to records phone calls, archive email, and takes ownership of portions of my brain -- 'cause they *all* do it these days. It's not outright collusion, but the end result is pretty much the same.
If the company expects me to interrupt home/private time for their beneift, they'd better damned well respect my privacy on the job, because there's little time to tend to personal affairs requiring 9-to-5 services otherwise.
"That badge don't make you right."
Method of processing duck feet
The people who sacked the people who were hired to read the outgoing email of the first group of people hired to read outgoing email, have been sacked.
Raise your children as if you were teaching them to raise your grandchildren, because you are.
"you've no more expectation of privacy than you do on a CB channel."
Might as well go all PsyOps on their corporate asses then.
Have some outside dummy accounts you can send email to. Send messages full of glowing comments re: boss & company, and others that refer to a mysterious dark conspiracy that haunts your past. Something involving genetic experimentation, a mad European scientist, and a mysterious Brazilian clinic.
Then the week before you quit, start sending mysterious messages encoded in pig-Latin.
"The owls-nay are not as they eem-say."
Company secrets leaking out through email? Hell. 80GB walking out, as per company rules, in my backpack every single day.
I used to work for a university in the MBA school. In order to get the best possible professors for our students we had to allow them to do consulting for large companies on the Uni's time as we couldn't afford to pay them what the going market rate was. This practice was regulated in that they could only spend 30% of their time consulting and they couldn't use any of the schools recourses (IE letter heads, websites, secretaries etc..). Now on the face of it this worked well for both parties as we got the best from industry plus the profs got the salary they had come accustom to. However, as human nature would have it, the profs got greedy and started abusing their position and students started to take notice that the very expensive course they had just paid for was suffering. So as IT we were charged with implementing all sorts of monitoring to gather evidence of these facts to weed out bad apples, otherwise the school would go bust and 100's of people would lose their job. The loss of privacy I can live with, the loss of a single mum's job because of a greed fat man I can't. If faced with that decision again, I would make the same choice in a heart beat.
There is also another good reason for this which is not entirely related to sensitive information leaving the company via company email and that is the sexual harasment/bulling. It is necessary to monitor email to limit this kind of activity before it blows up in your face. We recently did a audit of email boxes and found that 60% stored what would be considered (by law in Australia) as a offensive amount of porn that the company could be and would be held laibale for. What was worst was massive internal/external mail groups that were being sent to. I have no problem with porn (of the legal kind) just view it and send it on your own time. No one likes to see you spanking it at your desk!
It said "windows 98 or better" so I installed Linux