Slashdot Mirror
Keystroke Logging Declared Illegal in Alberta
Meshach writes "The Globe and Mail has a story about how
keystroke logging has been declared illegal in Alberta Canada. The ruling applies to companies using logging as a means to track employees." From the article: " The employee, who was not named, worked as a computer technician for six months in 2004. Ms. Silver said it was a job where productivity was hard to measure. 'We thought that using an objective check through the computer would be the most fair and objective way to do that,' she said Wednesday."
There are times when keystroke logging could be appropriate, like if you are in data entry- and they need to see how many wpms you are at.
I for one expect no privacy at work, because I am being paid and am using their equipment. Then again, the toilet belongs to my company, and I don't want them watching me pinch a loaf....
And All I Ask is a Tall Ship And a Star to Steer Her By
"We thought that using an objective check through the computer would be the most fair and objective way to do that,' she said Wednesday."
That's all very well, but did she say it objectively? I have to know.
We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.
"...The ruling applies to companies using logging as a means to track employees."
Was there a performance issue for this coworker? You are on company machines, I don't see a problem with it.
"I cannot think of any need in childhood as strong as the need for a father's protection." -- Sigmund Freud
The first thing that popped into my head when I read this line "...the most fair and objective way..." was Fox News and their "fair and balanced" reporting.
What crackhead honestly thinks keystroke logging is "fair and objective"?
Learning HOW to think is more important than learning WHAT to think.
I don't much mind if an employer of mine monitors what I'm doing at work while being paid. In my specific line of work, sometimes I'm asked to stay late to finish a project or meet a deadline. In exchange for doing this, I expect (and receive) a reasonable tolerance of doing personal things (like surfing to slashdot) during normal working hours. But if I started doing no work, and the employer didn't have to wait until my project got screwed, and the deadline missed by months before realising that I'm not working, then I say it's well worth it. Even more so if they get one of my coworkers, since that saves me work in the long term... Privacy be damned, as long as it's not abused, I welcome it.
---
Programming is like sex... Make one mistake and support it the rest of your life.
They should apologize to all of the people who have to disengage their keylogging operations in Alberta.
Nice!
(5 keys Strokes detected..)
So what else can you not do in Alberta with computers you, you know, technically own?
Can you track what programs your employees run? Can you track what websites they visit?
And does this apply to anyone who owns a computer, or just businesses with employees? Like what if you own a web kiosk in a public place, or you lend your personal computer to a friend? Can you log keystrokes from that?
In this productivity assement, fatties would have an advantage, what with all the mashing of the hands against the keyboard.
taking screen captures every 5 seconds on any employee computer under surveilance.
-Jesse
Nothing says "unprofessional job" like wrinkles in your duct tape.
I guess we will be seeing a lot more of daytime comments from Albertia now, eh? ;)
Six years ago, I was contacted by a stock brokerage company in New York. They were looking for ways to track the computer use (of their developers, I believe. I think they were concerned about Internet Surfing) Like a dummy, I rambled off some ideas that could help them track usage without the employees noticing it. At the time, I thought it was a very strange call! Why would anybody secretly want to know what their employees were doing? Didn't they trust them? I never heard back from the people, and I always thought that I had "given away too much" by specifiying the programming during the interview.
Now that weird scenario has become all too commonplace, and it's just as secret as I feared. FTA, "When the employee discovered that he had been monitored, he lodged a complaint with Alberta's information and privacy commissioner."
The guy didn't even know the software was there. Now it's one thing to tell people "We're watching you. This will go on your evaluation" It's another thing entirely to do it secretly.
In the present day, clients are modeling their business practices more and more, and would like a way to track metrics. I'm all for it: if I were a businessperson or employee, I wouldn't have a problem with my boss measuring how long it took to do my work. Where I surfed during my lunch hour? Forget it. But my productivity? Sure.
Welcome To My World
Take up arms! Our nations keyboards are in jeopardy due to these evil logging tactics, soon our keystroke supply will exist only in preserved forests and small wildlife areas.
Don't anthropomorphize computers: they hate that.
If keylogging is declared illegal, how much of a stretch would it be to declare that scanning EMails or even net traffic for inappropriate material is illegal?
Not only should this be illegal but I believe it should be a form of discrimination.
Why was the employee in question the only person to be monitored? This a a clear case of bad leadership and they need to find another method of evaluating performance.
Maybe they could have asked the guy to keep logs of his perforemed work.
There goes my idea of logging all keystrokes, mouse movement, and monochrome screenshots every minute from every system on the network thru VNC. I calculated that I could get it all down to only 200mb per day for 25 systems. A 250gb hard drive could hold many years of this data.
http://slashdot.org/ ...
(refresh clicked)
(refresh clicked)
(refresh clicked)
(refresh clicked)
(refresh clicked)
(refresh clicked)
(refresh clicked)
(refresh clicked)
Paying taxes to buy civilization is like paying a hooker to buy love.
This is especially important in the north woods, where bosses of some tech firms commonly threaten to discipline employees by putting them on lumberjack duty. It can really keep them on track.
Where were you when the voynix came?
It *will* be abused and there is no ifs, ands or buts about it. CS-
If keystroke logging is outlawed only outlog strokers will have keys.
...which is bullshit.
If you try to determine productivity by simply counting keystrokes, someone who's chatting with a bunch of friends all day on AIM looks significantly more productive than someone, say, doing work-related data entry. You almost HAVE to look at the keystrokes to see what's going on, or failing that, monitor some other aspect of the computer use in conjunction with keystrokes to best determine what apps are being used and how frequently.
Sounds reasonable. Except for one thing. Why did they hire some one for this job? What problem needed to be solved? Did that problem get solved?
Presumably the problem was that not enough people were typing. So they hired some one to type, and measured the typing, right?
They should've hired some guys off of IRC. They type a lot.
SCO employee? Check out the bounty
This doesn't affect me one bit. I know that there is no keystroke logging where I work. The sys admins here are complete idiots and have their heads so far up their ass they wouldn't know how to implement key logg&*%$^
!NO CARRIER
This comment was generated by a Squadron of Ultra Ninjas
"How did people ever look busy before computers?"
But to make this acutally substantive, I have a hard time imagining a job where keystroke logging, even just for counting purposes, is the ONLY way to track productivity. Productivity implies you are producing something, making progress somewhere. That has to be trackable somehow. If nothing else, make the guy account for his time in certain increments. I know that's not a great thing to do and not foolproof either, but what I'm saying is there have to be better, more objective, more thorough solutions that counting keystrokes. If not, I'll just jam down my Enter key and take a 3 hour lunch.
[sarcasm]Why not let the employer and police monitor everything you do? You only have something to hide if you are a criminal.[/sarcasm]
Fight Spammers!
'We thought that using an objective check through the computer would be the most fair and objective way to do that,' she said Wednesday."
/sarcasm
Because the amount of typing is a sure indicator of productivity.
Sorry, but about the only thing it will tell you is whether someone is spending time using email, message boards, and instant messages for personal use.
And it's poor at that, because unless they're doing A LOT of non-work related typing, you don't really know how much time they're spending doing non-work related stuff. We all type at different speeds. Maybe it's all on their lunch hour.
Besides, you can check all that stuff in other, less intrusive ways.
Objective? Please. Except in obvious cases (like data entry as another poster mentioned) this requires subjective review by its very nature.
So it is legal to make kids as young as 12 work in menial jobs that companies in Alberta are having trouble finding adults for, so long as they don't log their keyboards!
Hurray!
clearly the 'productivity' excuse is just a smoke screen, and their real goal is finding good free porn.
I want the job where they have no measure of your days work other than the number of times a key was pressed:
1.turn on key repeat
2.leave heavy book laying on keyboard
3.take rest of the week off and PROFIT!
Starsucks
managers never looked at any of the computer files that were logged.
So if they were keylogging, but weren't looking at the logs what were they looking at? Number of keystrokes? Counting keystokes isn't a great way to measure performance, because it penalizes people who are more proficient at the keyboard.
We don't know the details of the case, but it seems like the employeers said that they were using a keylogger to measure performance. This is doubtful, because there are many better ways to measure performance (Did the job get done?).
It's more likely that they were trying to monitor the actual activites of the employee.
"Can of worms? The can is open... the worms are everywhere."
We thought that using an objective check through the computer would be the most fair and objective way to do that
It sure is.
asdfghjklasdfghjkl
asdfghjklasdfghjkl
In addition to writing software for the company I work for, I am also the system administrator. And I have been working in the IT world for about 6 years now. In that time, I have never read another persons email. I have never gone through their personal files. This is, of course, unless asked to do so by the owner of said objects. And to this day, I still find it completely ridiculous that anybody would find it necessary to spy on their users/employees by means of logging all keystrokes.
I believe that if a person cannot be trusted to perform the operations (s)he was assigned to, that they have no business working in the same company as me, in the first place. Maybe I'm too trusting. I don't know. But what I do know is that I am respected by my coworkers for being fair and not letting my power go to my head.
Having said that, I wish key logging were illegal in all states. IMHO, certain people need to lighten up.
My lame blog.
This is an interesting issue because, as far as America is concerned, keystroke logging could be warped and molested into an argument about privacy in the workplace in most courts. But where I don't really think it should be illegal is the fact that almost every company I've ever seen details the fact that company computers are to be used only for company work. Conducting personal business is to reprimanded in most cases.
But with cubicle farms being so prevalent in even small offices, you really have no other way to monitor your employees. There really isn't an effective way to block all non-work related websites without letting a few through and blocking some related to clients per se. If keystroke logging is to be illegal, then so should cameras, and network traffic loggers. If employees feel like they're being watched somehow, they're less likely to spend the day playing Yahoo! Games and checking their email. Besides, how can you confront an unproductive employee without proof that they've been breaking the company policy because your logging was banned? It's not so easy then.
Perfecting Discordia
www.stevenvansickle.com
You can't tap a phone you "technically own" either, not even in the US. If you want to record a phone conversation, you have to let both parties know. Nothing odd about that.
The privacy commissioner ruled that the library had been collecting personal information. That's not the same as saying that keystroke logging is illegal. Presumably keystroke logging would be legal if no personal information were collected. The library denied that they actually looked at or used the files other than to confirm activity. The commissioner obviously didn't believe them.
The commissioner didn't say you couldn't monitor employees. He also didn't say that you have to tell employees when you are monitoring them.
This is a pretty narrow ruiling.
The idea of needing to secretly log keystokes on an employee is ludicrous.
If you, as an employer, manager, etc, cannot trust the people below you to do the work you put before them, then why are they your employees?
When it comes to computers at work, I might need to fetch files from home, they'd log my personal passwords, and all other data; that's not only unnecessary, but unfair. I trust them to not snoop my personal data that may be transmitted through a work computer, and they trust me to get my work done.
Error 407 - No creative sig found
So it would make it illegal to have video surveillance too? If you can SEE the keyboard and the keys being pressed...Other than key logging being cheaper and the obvious format differences, what's the difference?
Why didn't they just have the employee log the work they did in the day? If you're questioning how they're working why not just make them tell you what they've done in the day. That's MUCH more effective than keylogging, and then not looking at the logs. And for some reason thinking that you're getting an objective view of how much work they're getting done during the day.
Hell, if all they were doing was looking at the size of the file, all the employee would have to do is mash the keyboard for an hour a day to make the log a few hundred kilobytes long. He'd probobly win an award for being so productive.
An employer should have the right to expect reasonable performace from their employees. No one puts a gun to an employer's head saying "employ that person", and no one is putting a gun to the employee saying "work for this person".
The employer should have the right to approach their employees and tell them up front, their work is being monitored. As long as it's done in the open, the employee can't complain about invasion of privacy. If they feel their privacy is threatened, perhaps they are not doing their job. They are after all being paid to do their job. Why then should an employee feel they are being mistreated when the employer finds out through monitoring devices, they are surfing for porn or spending 50% of their time using IM with their friends or doing seriously poor work?
OTOH, as someone else pointed out, I'd expect 100% privacy IN the bathroom or in areas of the building where work is not expected to occur. However, I wouldn't feel overly offended if the boss put up a camera pointing at the bathroom door to see how much time I spent doing my business.
When I was in high school about 2.5 years ago, the Sysadmin there decided he wanted to install keyloggers on all the computers in
a) The school library (they were also running NetOP to spy on students who were trying to work....)
b) The Cisco Lab (thereby unknowingly to us breaking our signed contracts which stated we would not distribute the cisco networking academy curriculum)
He then gave the password to access these keyloggers to his lackies, who were no more than stupid students, who blatently used these key loggers to steal people's passwords, and get others in trouble...
We never did anything about it, we were going to complain to the board, but we figured no one would listen to us anyways... Now that I think about it, I regret getting that dumbass fired for revealing private information... It could have also contributed to the student records server getting hacked later in that year...
For those wondering, I went to Denis Morris High School
It had to be done... It had to be said...
The problem with keystroke logging is how completely pervasive it is.
It's one thing to say "We'll read all your e-mail, and any files you save." That's reasonably "what you're doing on the company network."
On the other hand, suppose you get a phone call on your cell with fairly personal information. Your doctor's phoned you up to tell you the name of the clinic to get your AIDS treated at, for example.
It's not reasonable to say "employees shouldn't take calls like that during work," because doctor's offices run the same work hours as everyone else. So you take the call, you have to write down the name of the clinic. Ok, so you pop open notepad.exe to do it. You're going to write it down after, but the doc's talking fast enough, you don't have the writing skill to do it on paper.
You *know* it would be stupid to save this file on the company network, or e-mail it to yourself. But with a keystroke logger, even though you haven't saved it, it's recorded.
There are a hundred things like this. Who hasn't gotten a phone call from his or her boss, some extraordinarily irritating interference, and typed into his or her code "I would strangle this man if he weren't in charge of my paycheck..." then deleted it?
Finally, and most importantly, keystroke loggers intercept passwords. While it may be fine to check up on what your employees are doing at work, it is abhorrent to destroy their security on every single site they might visit.
Moreover, that information is not magically placed in the hands of "The Company." The Company is not a person. The administrator is a person, and while you as an employer may trust that administrator with corporate records, your employees have a right to have their bank account passwords kept out of that administrator's hands.
Computers are, at this point, far too much an extension of our minds to log every single keystroke. It's just too detailed, too internal. There are far too many easy ways to check employee productivity without resorting to this intimate spying.
In almost all cases, you can check employee productivity by watching out for sol.exe, checking the weblogs for things like slashdot or porn, and seeing whether the employee's work actually gets done.
The ends don't justify the means in this case. Keystroke logging is insane.
by giving your keyboards to monkeys. Maybe just maybe your company make more profits by selling novels created from the logging.
Felt Better! Big headache is gone.
If you use Firefox, the command to open a URL is Alt-D...then to get to Slashdot (assuming you've loaded it once before), just hit "S" and the URL autofills.
Coincidentally, the command to sort a field of data in an Excel spreadsheet is Alt-D,S.
Bill Clinton: Pimp we can believe in. - The Shirt!!!
I didn't look this up, but I'm pretty sure the Alberta Privacy Commissioner only has authority over government employees/employers.
I think the submitter is wrong: I don't think this ruling has any effect on a private employer. So it's not really "illegal."
One thing I have not noticed mentioned yet is that no one is questioning the "productivity" angle. Are not most jobs quantifiable in some way? I mean, this worker was not conjuring spirits or some such? When you hire someone, you usually tell them you need to do such and such, in such amount of time, or something like that. Did they hire this person to perfect the fung shei of the library?
Once again managers, bosses, supervisors not giving a whole lot of thought into what their people are supposed to do and how that work gets evaluated. If you can not figure out an employees productivity fairly easily, then you have problems.
Ok, I see people just itching to reply about writing software, how it's so hard to define progress, how you can not do it just by lines of code per day or functions per week. This is true (mostly), but if you give at least rough timetables for when things should be done, who cares if only one line of code is done on Tuesday if the module is done on Thursday?
My guess, the boss knew the employee had access to better porn and was just trolling to find it.
Vote monkeys into Congress. They are cheaper and more trustworthy.
first no pst and now no keylogging law!! now i wanna move to alberta!!
"The fingers you have used to dial are too fat. To obtain a special dialing wand, please mash the keypad with the palm of your hand now."
Does anyone else find it ironic that the name of the commissioner involved in this case is named Mr. Work? Perhaps we should monitor his activity to see what his productivity is like...
Go, and never darken my towels again! -- Rufus
They have a "Privacy Commissioner"! In the US, we've got secret police.
"These days it's all secrecy, no privacy."
- The Rolling Stones, Fingerprint File
--
make install -not war
Could you reasonably be expected, as part of your job, to purchase something and then be reimbursed by the company? For example, might you have a business lunch?
In order to pay for that business lunch, might you have to log into your bank account?
In the perfomance of this work-related duty, is it fair that the network admin for your company now has your bank id and password, which would allow him, if he liked, to take your life savings and those of fellow employees who did the same, then run to Aruba?
Keystroke logging records passwords. No matter how scrupulous you are about not discussing your sex life on work time, any non-work passwords must remain sacrosanct. Keystroke logging goes over the line.
Nothing odd about that.
No, in fact it's extremely odd.
By no means should anyone think that keylogging is an "objective" way of measuring performance. Because employee A takes care of all her work and has some free time so she gets online and chats on IRC and employee B spends all day working on the same issues (and still doesn't get them fixed), employee B is not more productive then employee A.
We need to understand that a productive worker is one who makes sure the job is done, and it doesn't matter what he or she does in their downtime. Want to measure the productivity of the tech at the library? Are the computers he is responsible for functioning properly? If yes, he is a productive worker. If it seems like he has too much free time, give him more resposibility. If he struggles with it, can him or lighten his workload.
The Internet is generally stupid
If only keystrokes are logged, try:
// . com org (insert custom signs here)
abcdefghijklmnopqrstuvwxyz 0123456789 http :
and save it into "test.txt". Then it's only matter of copying and pasting text. You can use the mouse if you want.
results: Shift, right, ctrl-c, right right right right... etc.
It's not that there aren't workarounds. It's just that they haven't been found yet.
Because keystroke loggers are often invisible on the process table, they can be a "safe haven" for viruses and other malware - non-priv software won't detect them, so can't inform you of them. A real concern, when you consider that buffer overflows are a major source of vulnerabilities and loggers are going to have to do buffered I/O.
Now, onto the politics and privacy issues. Any company trading with Europe that also does keystroke logging COULD violate EU law on privacy, even if it is not in Europe. (EU law prohibits the transfer of personal data to countries that don't protect that data against copying and use that violates the originator's privacy. You don't know who has access to the keystroke logs and the originator certainly won't. That means, US companies can't guarantee compliance, which means those companies trade with the EU on a semi-legal to illegal basis.)
Also, if the workplace is so politicized and so badly managed that it is actually necessary to know what is typed in order to do anything, the company has bigger problems than the user they are monitoring. Companies are like organisms - if an organism's brain tried to managed ALL the internal functions of EVERY cell in the organism, it would probably explode. Either that, or be very, very inefficient. And chronically codependent, but that's more a corporate mental illness than a political or privacy concern.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Isn't the government already keylogging all of us anyway? (takes off tin foil hat) Oh wait, that's Canada. Never mind.
I work in an university in Alberta. for every new machine arriving in the building, the "helpdesk" install VNC and Altris (some kind of deployment software). Altris then download some metering and scanning software to track activities and usage of applications (including games). Depending on how much they want to know you, it'll send back report as frequent as every 2 hours.
i just want to make a point: if you are using this to evaluate performance, please let every employee know and please award those who work hard. also, please let me know how I can track the performance of those in the "helpdesk".
I object!
In Soviet Russia, Keystrokes log you?
~~"Of course, that's just my opinion. I could be wrong." ~~Dennis Miller
Most people on computers waste time buy surfing the Internet.
You can simply watch for this by watching the number site visited by one of your internal IP addresses.
For security reasons we log outside Internet connections. Not the data that is transferred but just the IP addresses involved. Excessive outside intent connections might indicate they are wasting time surfing the Internet.
I have looked at the IP logs and saw one individual accessed 203 different IP address in a single day. Possible, but not likely. It is not my job to enter those IP addresses and see what this guy was doing. But a preliminary check indicated it was I checking Slashdot articles.... so I never told anyone about it.
>Mr. Work said he didn't have the jurisdiction to
>rule on whether or not the employee was
>dismissed as a result of his complaint.
>Ms. Silver confirmed the employee no longer
>works at the library but said his departure had
>nothing to do with the privacy complaint.
Riiiiight... he just found out he was being keylogged, filed a complaint, and then randomly 'stopped working' there.
You can't talk about Wikipedia's flaws on Wikipedia
All the porn and warez my employees have been so diligently finding for me?
www.olin.edu
Then again, the toilet belongs to my company, and I don't want them watching me pinch a loaf....
i wouldn't want to work for a company that kept logs from the bathroom either!
Sounds insane, doesn't it?
There's at least one vendor out there who sells software that contains essentially this functionality. It tracks what websites you visit, and how long you surf on them, by seeing whether or not IE is in the foreground, whether the mouse/keyboard are in use when it it in the foreground, etc. I imagine it would be pretty easy to monitor damn near any application this way.
The argument in its favour, so I was given, was that the proxy server couldn't tell with enough precision how LONG people were spending looking at a given website. Management actually wanted to-the-minute counts of what employees were looking at.
I suggested to my co-workers that we might as well throw away any facade of privacy, and install video cameras behind each employee's shoulder. This way we could not only know what they did on their computer during office hours (and every single minute of it!), but also whether or not they were wasting valuable minutes doing non-work related things like reading a magazine.
As I see it, if you need to resort to these tools in the first place, you have far deeper problems with your management style. It's not *that* hard to know who's being productive and doing their work, if you have any clue what your employees are supposed to be doing.
Anyway, as an Albertan I welcome rulings like this - I only wish they would be country-wide. Paranoid employees are far less productive in the end. But hey, if I don't have anything to hide, I shouldn't mind, right?
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
Don't many department stores run hidden cameras in their changing rooms to catch or deter shoplifting?
How can it be the company's responsibility to police employee use in order to prevent kiddie porn, piracy, death threats, etc. on company computers if your hands are tied behind your back? Companies have been often charged for crimes their employees have committed...
At a place I used to work, half the people were salesmen, who, because they went out on the road all the time, had laptops. They would change their Windows XP passwords and not tell management. They would change MANY passwords (to supplier e-commerce sites, etc.) and not tell management. They would use Hotmail to avoid corporate email (which was logged). Our IT guy would go onto their computer when they were out at lunch to run Ad-Aware and the antivirus (salesmen don't give a damn) and would find MOUNTAINS of porn, half-finished resumes, and a copy of our entire corporate network on the guy's hard drive! That's not acceptable, and the guy was warned, but all he did was a) change his password, b) set his screensaver to password protected and had a hotkey to launch it whenever he got up from his desk.
The pendulum has swung too far against the OWNERS of the property in favour of the USERS of said property.
This just makes corporate espionage, like stealing customer lists and selling them to the competition undetected all the easier.
using an objective check through the computer would be the most fair and objective way to do that
So the people who bat away mindlessly at the keyboard get paid more?
Coder's Stone: The programming language quick ref for iPad
Too bad GPS doesn't have millimeter resolution.
Make that...
Thank goodness GPS doesn't have mm resolution.
... any chance of it staying secret will be gone.
Just because it CAN be done, doesn't mean it should!
I worked for Revenue Canada last year while I was in school at a Data Entry Clerk.
We used to have our wpm logged all the time and at the end of each week, our manager would tell us how productive how many wpm we had and how many errors we made on the tax forms(there were ppl who used to re-check the data entered). And based on how good ur keystrokes were, you would be elig.. for the next season. And depending on how many years you worked they increase the requirement.
Seems like a pretty good system, however sometimes you can be slow and its not even your fault. I've had ppl who forget to enter their name, address, postal code, sin#, or ppl who can't add etc.. and then everytime they screw up, we have to go through the manual to figure out how to deal with it.
I wonder how this ruling would affect the CCRA employees.
Some see the vessel as half full; others see it as half-empty; We pour it out on the floor and laugh
I am an employer and I feel that trust should not be an issue. That is what contracts are for. We both agree that instead of trusting each other, everything will be clearly explained and tracked. This increases efficiency and (dare I say) communication. If I'm paying you to come to my office, and work on my computer, then I have every right to track you while you are on the clock. If you are downloading porn or writing personal emails instead of doing your job, then why should I pay you? However, during "personal time" such as a lunch break, etc. I have no right to invade your privacy and track you. I found it unfair and stupid not to tell the employee he was being tracked. By telling the employee, the employee would most likely be more efficient (out of fear of getting caught doing what they are not supposed to be doing).
Set heavy object down on space bar and go to lunch; let auto-repeat do the rest! Seriously, anybody that is counting key-clicks to measure productivity is just asking employees to spend 8 hours hitting random keys, and not encouraging them to do useful work. They are rewarding the typists that make lots of mistakes, then need to go back and correct them, rather than the typists that enter everything correctly the first time!
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Since no-one has appeared to gone off to find this yet, here is the report of the privacy commissioner.
.. paranoid crackpot leftover from the days of Amiga.
It seems to me that keystroke logging would be a way of measuring non-productivity. I mean, you'd think that a computer technician would be working potentially on OTHER terminals and not necessarily the employee's primary system (depending on the job role). Why not just utilize software to capture technical issues and resolutions -- most of which probably have some sort of time-stamp functionality.
I give men fish.
IIRC, in the US courts have used the "reasonable expectation of privacy" as a litmus test to see if a monitoring activity is intrusive.
Under this paradigm, NOTHING you do in the workplace other than going to the bathroom carries a reasonable expectation of privacy, unless someone with certain powers (such as the CEO) tells you (usually in writing) that a particular communication is private.
Most courts have taken a pretty open view about what an empoloyer may do to monitor employee behavior while on the jobsite. Essentially if you have an office or cube, all your conversations that might reasonably be overheard on accident are fair game. Certainly any communication via email is fair game.
This is simply because of the number of ways that a person might be publicly observed. The long and the short of it is that if you do it at work, you had better hope that your employer doesn't mind.
"We don't know what we are doing, but we are doing it very carefully,..." Wherry, R.J. Personnel Psychology (1995)
I once worked for a company that had a "you have no privacy" policy but everyone knew they didn't routinely enforce it.
However, once management figured out one particular employee was up to no good. I'm not sure if someone tipped them off or if they just noticed "unusual bandwidth" on a particular network segment.
In either case, they started doing heavy monitoring and let the guy keep doing what he was doing for a few days. He was gone shortly thereafter.
As an employer, you do have to trust your employees, but you also have to be able to quietly investigate if you have a reason to think that trust has been betrayed.
Good thing that company put everyone on notice on the date of hire.
if they're trying to log keystrokes along with internet activity, now the employer will have to go to their ISP to find out...since they are required to know what ppl are doing online. ;-)
i wonder if they'll need a subpoena for records about themselves...
(Speaking as a NetAdmin in Alberta) Seems like it may have been simply because the library in question didn't have a computer use policy.
From CBC.ca:
"The library has changed its policy, informing employees that they have no expectation of privacy when using work computers."
You save the company some money on office gear and you maintain your personal privacy.
Trust and accountability have no place in today's workplace apparently.
But then again, technical solutions for social problems don't really work. You can track WPM/typing, but everyone has to take a break, and taht would drop the WPM substantially. Even if they type 100WPM when typing, they might average 10WPM with the logistical legwork added (paper shuffling, lunch, breaks, bathroom runs, etc).
Why not just monitor internet usage normally and find some better way (like how many things you've done that day in the system?) rather than raw keylogging.
I'd be pretty pissed if I found I was being keylogged at work. They didn't tell me, and have thus stolen my passwords and possibly my bank account information, since its in a file of theirs someplace. Isn't that opening up to be sued for privacy violations?
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
FTA:"Ms. Silver confirmed the employee no longer works at the library but said his departure had nothing to do with the privacy complaint."
Sure it didn't *wink* *wink*.. I hope he drags their asses to the labour board as well.
but I thought that was already on /. in a prior article - if not, it was one of the bills signed into law this session.
-- Tigger warning: This post may contain tiggers! --
What the hell would you gain from logging keystrokes?
I'm also a sys admin, and I can't see anything useful I'd gain from that. If we wanted to know what an employee was spending time on, the most useful thing would probably be to track web access, as generally that's how people goof off (that's how I'm goofing off right now). Other than that, things can simply be removed from the computer (like solitare). If all they have access to is work apps, it's difficult for them ot waste time on the computer. Then they'll probably just waste time staring at the wall.
I can think of nothing I'd gain from seeing their keystrokes. In fact, teh amount of time it would take me to look through a log and figure out what is what would negate any infromation we'd get. However it does seem like it'd be extremely useful if I had ill intentions and wanted to go and capture bank passwords or something like that.
I'm anti-monitoring in genreal but in this case it's jsut stupid. It seems like it has no legit use, and many bad ones.
This is indicative of a philosophical difference between Canada and the US. In the US, business is king. In Canada, business is a means to prosperity for the owners and employees. However, it is recognized that people have to work to eat etc and that business holds the advantage over their employees.
As a result there is more legislation regarding workers rights than in the US. For example, in the US, your boss can come up to you and order you to pee in a bottle to see if you smoked a joint recently. In Canada, unless you are a pilot, railroad engineer etc where your performance could hurt others, this is forbidden. Also, I was surprised to find that in the US, paid vacation time is not a requirement. In Canada, you are entitled to two weeks per year minimum by law.
There are other examples, but you get the idea.
As with any part of the procedure manual, new or old, it is your responsibility to be thoroughly familiar with this material. Estimated reading time for this document is 15.62 minutes (and don't think we won't check). ...
Y.T's mom pulls up the new memo, checks the time, and starts reading it. The estimated reading time is 15.62 minutes. Later, when Marietta does her end-of-day statistical roundup, sitting in her private office at 9:00 P.M., she will see the name of each employee and next to it, the amount of time spent reading this memo, and her reaction, based on the time spent, will go something like this:
Less than 10 mm. Time for an employee conference and possible attitude counseling.
10-14 min. Keep an eye on this employee; may be developing slipshod attitude.
14-15.61 mm. Employee is an efficient worker, may sometimes miss important details.
Exactly 15.62 mm. Smartass. Needs attitude counseling.
15.63-16 mm. Asswipe. Not to be trusted.
16-18 mm. Employee is a methodical worker, may sometimes get hung up on minor details.
More than 18 mm. Check the security videotape, see just what this employee was up to (e.g., possible unauthorized restroom break).
Wow, it sure is lucky your buttcheek somehow managed to hit the Enter button! Otherwise you'd never have hit Submit and we would never have found out about your valiant aciton!
Ron dies in chapter 9 of book 7.
When we spam your channel with gigantic colourised ASCII penises and Harry Potter slashfic, that's not us typing it all in by hand, you know.
Ron dies in chapter 9 of book 7.
All this stuff about keystroke logging, taking screen captures etc is stupid.
The only things that should matter as far as empolyees go are:
1.Is the employee doing things that are illegal or bad (e.g. accessing porn on company time, downloading illegal songs over the company network, running copies of Quake on the company PC etc etc)
2.Is the employee doing things that are bad for the company (e.g. stealing company scerets, using company equipment to moonlight or to work for someone else)
3.Is the employee doing their job (e.g. for programmers, are they writing the code they need to write in the time they have been told they have to write it in)
and 4.Is the work satisfactory (e.g. for code, is the code good enough)
As long as they do what they need to in the time they have been given to do it and as long as the work is good enough then the only things employers should be concerned about is things that are illegal or innappropriate and things that violate employee contracts (like stealing company scerets)
Monitoring of internet access and email and group policies to lock machines down so they cant be messed with and good physical security measures (e.g. locked down USB ports, restrictions on taking devices into the office, security cards to keep unwanted visitors out etc) should be able to stop or detect illegal or inappropriate things.
And detecting if they have done their jobs by monitoring things like how much code they contributed and how good it is is far better than trying to monitor via keystroke logs and screen capturing.
Can anyone think of any situation where keystroke logging, screen captures etc would catch something that other methods (i.e. email/internet monitoring, physical security) wouldnt?
they didn't declare that keystroke logging was illegal, they declared that hidden keystroke logging (where the user isn't aware of it) is a privacy violation.
Yes, it's the company's computer, but as with the phone, they can't just record your phone calls without telling you; you do have a certain right to privacy.
If you want to run a high security environment where you tell employees that no personal work is permitted from the computer, and that every keystroke is logged, that's probably just fine, just as you can run a call center and tell your employees that every phone call is recorded.
...is going have to upskill her cracking skills for any future movies I guess.
So now I can't secretly spy on my employer anymore? Crap! I had some pretty sexy chat captures from our CEO! I can't believe Alberta made Slashdot! Go local legal skirmishes!
"Immature artists borrow. Mature artists steal."
Wes Borg
Because that's what contoso.com goes to. Hmmm...
Work for yourself, you can spy on your employees and your employers without violating anyone's privacy. Be your own CEO! Or maybe that's stupid.
"Immature artists borrow. Mature artists steal."
Wes Borg
The judgement of an employee's effectiveness should be: is the work done (well)? Micromonitoring, much like Dubya's NCLB school testing, does little more than replace the real goal with a stupid measurement that causes the organization to focus on manipulating the metric outcomes instead of getting the job done. Yes, Mr. Deming, a well-designed metric measures actual success. In real life, however, metrics are made up by incompetent management monkeys, who fail to measure the metric's effectiveness in judging success. Continual process improvement means continual metric improvement, too. The problem is that you have to be able to judge success outside of the metric to improve it, and an inability to do this is what causes many people to fall back on metrics.
In conclusion, the inch is bigger than the centimeter, so as Americans we must avoid the metric system at all costs.
If the company measure a person performance by monitoring the number of time he/she press the keyboard, then I must be the most unproductive worker :)
:)
:)
I reuse most of my source codes for new programs and most of time, I just copy and paste using my mouse
But if the employees are aware of the company's policy. They can create a macro/program that continuously sent key stroke to the monitoring program even when they are not at their terminal
If it seems like he has too much free time, give him more resposibility. If he struggles with it, can him or lighten his workload.
It is this manegerial attitude (the 'can him' part) that gave birth to the deadly phenomenon of 'going postal' in the first place!
When people become 'tools with pulses' and 'a persistent drag on the corporate bottom line' what else can you expect?
If 'bosses' and 'workers' TRULY treated each other with respect and understanding, there would be no need for things like:
Minimum wage laws, occupational safety laws, laws against all forms of harassment and discrimination, unions, etc.
Thanks to 'the love of money', the worldwide workplace is a convoluted imbroglio of rules, regulations, and the resulting lawsuits that occur when they aren't followed.
What a mess....
And I just ordered a KeySpyer from keyspyer.com
Any word on if it is legal for private use, outside of a company?
Privacy slide into militarystate. They pay you to do "this" - as long as you do "this" they should shut up and stay out.
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
As a youngster, I took a job where work was assigned via a computerized Work Planning and Control system. The WP&C graded each task according to difficulty and then determined how long it would take a successful employee to get it done. Similar work was bundled together and printed tags went on each batch. Each batch took an hour. This was paperwork processing, so a batch of difficult work might be a tenth of an inch thick. A batch of simple work might be two feet tall.
You came in each morning, accepted 8 batches (hours) of work from the assignment clerk, took them to your desk, and went to work. There were always a few people, maybe 10%, who couldn't get finished during the day. About half of the workers could finish in 6 or 7 hours; they tended to take long lunches and breaks and actually finish up right at quitting time.
A few of us, though, had a different situation. I'd grab my 8 hours worth of work, get it done in about 90 minutes, and spend the rest of the day hanging out, wandering the building, and shooting the shit with anyone who wanted to listen. Often, I'd get bored enough to go grab another 8 hours work and blow through that in the last couple of hours of the day. Whenever there was a crunch, management could count on me to check out 20 or 30 hours of work and get it done in a day, putting us back on schedule. Because the WP&C showed I generally did the work of two people, minimum, management thought I was the best employee they had. I, on the other hand, was bored silly.
Here's my point - No matter how management chooses to measure productivity, that measure will not apply to some people. Some people will show up as extra-capable when they really aren't. Some people will show up as poor quality workers when they really aren't. Outside assembly-line (and conceptually similar) work, the only accurate measure of my worth as an employee I've ever been subjected to was a situation where I was evaluated by my coworkers. Generally, they guy who sits next to you knows better than anyone whether you're actually working or not.
Effectively measuring worker productivity in any complex job is a very tough nut to crack. A crutch like a keystroke logger (or the WP&C system I outlined above) is strong evidence that the management was too lazy, stupid, or both to put in the thought and effort required to do a good job of measuring their employees.
This is only a problem in the computer industry. We don't want our "keystrokes" to be monitored. Waaa Waaa Waaa! What about all workers in the construction field? They have all of their work monitored, and the results of everything they do, on the job, on break, all result in either a pat-on-the-back, or a good ass-chewing. I can sit here at work and type all this meaningless shit on slashdot, and my boss will not ever care. But if I tried this shit out on a job somewhere, forget it. If your boss wants to log your keystrokes, let'm. What's the big deal?
We had this customer who was irate that his new computer was acting up and it was new I built it myself. No reason for it to be acting so strange. He brought it in we checked it out seemed fine.
He comes back complaining again. We replace the entire PC. He leaves happy for 2 days. Then he comes back demanding a refund.
We tell him if there is something wrong with the PC we will make it right. Leave it with us and we'll throw everything we got at it. He does. His wife comes in an hr later. "Can I see my husbands computer for a minute, I just need to check one thing.?" Sure come on back. She presses Shift Ctrl ScrollLock or something similar & up pops this EVIL unnoticable Screengrabber. She quickly scans through the last 3 days worth of pics. Instant message from her teen daughter, Web surfing of her hubby 3 pics a second. Gobbling up space & cycles. If she doesn't check it daily & dump it fills the harddrive with 1280x1024x32 Pics. I explain to her it is unnecessary to grab so many, 1 every couple of minutes is more than sufficient. She asks me to promise I won't tell her husband. I promise she tips me 50 bucks and promises to bring me a bottle of wine (her Idea).
Later that same day.
The owner (who has dealt with the husband only on more than one occassion since the sale.) checks in with me to see if I found the problem. I calmly explain the situation, and the promise. He asked me "Did she make you promise not to tell me?"
Obviously I can not and did not make that promise.
"Well then, I never promised her shit. But I did promise her husband I would find out what was up & fix it." Cue Dialing.
Later that same day, Hubby comes in pays us for all our service (3 hrs on site. 3 trips to the shop) and tips me 50 bucks.
Still Later
She comes in like a rocket right passed the counter into the bench area Slams down a shiny bottle of wine & says thanks a fuckin lot.
My boss says thank you come again.
The husband still shops there service & purchase.
Moral of the story: If you are gonna spy on your kids do it with your loved one. Opened the wine on my wedding day. Wife loved it.
OSGGFG - Open Source Gamers Guide to Free Games
That's not really the point I was going after.
If you truly have a lazy employee (and yeah, they exist) who spends all of his time goofing off and doesn't get the job done, I'm pretty sure getting rid of him is a smart move.
Or, if you are paying good money for an employee who, despite their best efforts can't handle the work load which other employees have no problem with, then she really isn't right for the job either.
But that doesn't mean you don't treat your employees with respect. A company that's a success is typically one that understands that the well being of their qualified, productive employees are more important to them then their customers.
The Internet is generally stupid
A friend of mine, who was at the time the sysadmin of a moderately large company, once told me that management wanted him to start tracking personal internet use.
The reason? The load on their internet connection was so heavy that it was affecting job-related activities. Mind you, that was in the early '90s and bandwidth per capita was quite meager.
I suggested that he announce a new corporate policy - all internet traffic is to be logged, analyzed, broken down, summarized and anything suspicios or compromising will be sent to corresponding sent to department heads.
I argued that the mere announcement would be enough to fix the problem so no actual measures will have to be implemented.
He tried it. It worked like a charm.
Traffic immediately dropped to manageble levels, management got off the admin's back and people stopped sending sensitive emails over unsecure protocols (a good thing!)
The exception from the privacy laws is for a government agency so that they may perform government functions. The privacy commisioner determined that the use was not neccessary as a government function which prohibited the use the same way that a corporation is prohibited.
Fight Spammers!
There is a lot more to this story than meets the eye. If anyone cares to delve into this in a little more detail feel free to check out my blog (click the URL above). The bonehead lawyers representing Parkland Regional Library have issued me with a "cease and desist" order so it's hard to say how long the information will be available. In any case I'm happy with the decision I received from the Privacy Commissioner and I did it on my own without legal counsel. Just goes to show you what kind of lawyers they had assisting them. Most of the documents relating to this case are available at the following URL: http://www.terremoto.ca/privacy/privacy.html Dan W. Armeneau
interstellar_donkey: Or, if you are paying good money for an employee who, despite their best efforts can't handle the work load which other employees have no problem with, then she really isn't right for the job either.
:) )?
In this case, you can:
1) Put/dump the extra work the employee in question can't handle on the other employees. If they are paid by the hour, you may be in for (unwanted) overtime expenses.
2) You can fire her and get someone else. Won't that be rather expensive (if she is not let go on solely job performance reasons)? Will her replacement be as trustworthy and more productive as she was? How many replacements will you have to hire and fire before you can find the one person who can take up the workload the employee in question couldn't handle? Could it be that it is ultimately cheaper to do option 1 or get rid of her and personally replace her (you do trust yourself, do you
No wonder the credo of entrepreneurship is 'Fire Your Boss!' The people who are truly self-employed and depend on no one but their customers for their next paycheck have nothing but awe and admiration from me--how about you?
I see it this way, It is hard if not impossible to deal with every bone-headed moron, crook, thief, etc. In a LARGE production environment. You are on my network, my computers, and playing in my sandbox, if you don't like me watching you play, go play elsewhere.
Duh! It's because of our Alberta's FOIP law. Freedom of Information and Protection of Privacy Act. You can't collect any personally identifiable information without a) letting the person know, b) for legimit legal/lifesaving reasons, and c) plain and simple: it's against the law. Plain and simple.
Check out the law here..
From the FAQ on the law...
Your employer can collect personal information that relates directly to and is necessary for an operating program or activity, as well as any information they are authorized by other legislation to collect (section 33).
Under the FOIP Act, your employer must tell you what authority they have to collect this information, and how it will be used (section 34(2)).
Normally, your employer must collect personal information directly from you. However, section 34 of the Act allows for information to be collected indirectly in some cases, for example, to determine whether you are eligible for a program, benefit, honour or award, or for the purpose of collecting a debt owed to the public body.
Guess this is really a moot point. Keylogging, if done discretely, and is without merit other than to spy on activities or productivity, is illegal. Plain and simple.
Management is doing things right; leadership is doing the right things. - Peter F. Drucker