Slashdot Mirror
Keystroke Logging Declared Illegal in Alberta
Meshach writes "The Globe and Mail has a story about how
keystroke logging has been declared illegal in Alberta Canada. The ruling applies to companies using logging as a means to track employees." From the article: " The employee, who was not named, worked as a computer technician for six months in 2004. Ms. Silver said it was a job where productivity was hard to measure. 'We thought that using an objective check through the computer would be the most fair and objective way to do that,' she said Wednesday."
There are times when keystroke logging could be appropriate, like if you are in data entry- and they need to see how many wpms you are at.
I for one expect no privacy at work, because I am being paid and am using their equipment. Then again, the toilet belongs to my company, and I don't want them watching me pinch a loaf....
And All I Ask is a Tall Ship And a Star to Steer Her By
"We thought that using an objective check through the computer would be the most fair and objective way to do that,' she said Wednesday."
That's all very well, but did she say it objectively? I have to know.
We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.
The first thing that popped into my head when I read this line "...the most fair and objective way..." was Fox News and their "fair and balanced" reporting.
What crackhead honestly thinks keystroke logging is "fair and objective"?
Learning HOW to think is more important than learning WHAT to think.
I don't much mind if an employer of mine monitors what I'm doing at work while being paid. In my specific line of work, sometimes I'm asked to stay late to finish a project or meet a deadline. In exchange for doing this, I expect (and receive) a reasonable tolerance of doing personal things (like surfing to slashdot) during normal working hours. But if I started doing no work, and the employer didn't have to wait until my project got screwed, and the deadline missed by months before realising that I'm not working, then I say it's well worth it. Even more so if they get one of my coworkers, since that saves me work in the long term... Privacy be damned, as long as it's not abused, I welcome it.
---
Programming is like sex... Make one mistake and support it the rest of your life.
So what else can you not do in Alberta with computers you, you know, technically own?
Can you track what programs your employees run? Can you track what websites they visit?
And does this apply to anyone who owns a computer, or just businesses with employees? Like what if you own a web kiosk in a public place, or you lend your personal computer to a friend? Can you log keystrokes from that?
In this productivity assement, fatties would have an advantage, what with all the mashing of the hands against the keyboard.
taking screen captures every 5 seconds on any employee computer under surveilance.
-Jesse
Nothing says "unprofessional job" like wrinkles in your duct tape.
Six years ago, I was contacted by a stock brokerage company in New York. They were looking for ways to track the computer use (of their developers, I believe. I think they were concerned about Internet Surfing) Like a dummy, I rambled off some ideas that could help them track usage without the employees noticing it. At the time, I thought it was a very strange call! Why would anybody secretly want to know what their employees were doing? Didn't they trust them? I never heard back from the people, and I always thought that I had "given away too much" by specifiying the programming during the interview.
Now that weird scenario has become all too commonplace, and it's just as secret as I feared. FTA, "When the employee discovered that he had been monitored, he lodged a complaint with Alberta's information and privacy commissioner."
The guy didn't even know the software was there. Now it's one thing to tell people "We're watching you. This will go on your evaluation" It's another thing entirely to do it secretly.
In the present day, clients are modeling their business practices more and more, and would like a way to track metrics. I'm all for it: if I were a businessperson or employee, I wouldn't have a problem with my boss measuring how long it took to do my work. Where I surfed during my lunch hour? Forget it. But my productivity? Sure.
Welcome To My World
Take up arms! Our nations keyboards are in jeopardy due to these evil logging tactics, soon our keystroke supply will exist only in preserved forests and small wildlife areas.
Don't anthropomorphize computers: they hate that.
If keylogging is declared illegal, how much of a stretch would it be to declare that scanning EMails or even net traffic for inappropriate material is illegal?
There goes my idea of logging all keystrokes, mouse movement, and monochrome screenshots every minute from every system on the network thru VNC. I calculated that I could get it all down to only 200mb per day for 25 systems. A 250gb hard drive could hold many years of this data.
http://slashdot.org/ ...
(refresh clicked)
(refresh clicked)
(refresh clicked)
(refresh clicked)
(refresh clicked)
(refresh clicked)
(refresh clicked)
(refresh clicked)
Paying taxes to buy civilization is like paying a hooker to buy love.
It *will* be abused and there is no ifs, ands or buts about it. CS-
...which is bullshit.
If you try to determine productivity by simply counting keystrokes, someone who's chatting with a bunch of friends all day on AIM looks significantly more productive than someone, say, doing work-related data entry. You almost HAVE to look at the keystrokes to see what's going on, or failing that, monitor some other aspect of the computer use in conjunction with keystrokes to best determine what apps are being used and how frequently.
Sounds reasonable. Except for one thing. Why did they hire some one for this job? What problem needed to be solved? Did that problem get solved?
Presumably the problem was that not enough people were typing. So they hired some one to type, and measured the typing, right?
They should've hired some guys off of IRC. They type a lot.
SCO employee? Check out the bounty
This doesn't affect me one bit. I know that there is no keystroke logging where I work. The sys admins here are complete idiots and have their heads so far up their ass they wouldn't know how to implement key logg&*%$^
!NO CARRIER
This comment was generated by a Squadron of Ultra Ninjas
"How did people ever look busy before computers?"
But to make this acutally substantive, I have a hard time imagining a job where keystroke logging, even just for counting purposes, is the ONLY way to track productivity. Productivity implies you are producing something, making progress somewhere. That has to be trackable somehow. If nothing else, make the guy account for his time in certain increments. I know that's not a great thing to do and not foolproof either, but what I'm saying is there have to be better, more objective, more thorough solutions that counting keystrokes. If not, I'll just jam down my Enter key and take a 3 hour lunch.
[sarcasm]Why not let the employer and police monitor everything you do? You only have something to hide if you are a criminal.[/sarcasm]
Fight Spammers!
'We thought that using an objective check through the computer would be the most fair and objective way to do that,' she said Wednesday."
/sarcasm
Because the amount of typing is a sure indicator of productivity.
Sorry, but about the only thing it will tell you is whether someone is spending time using email, message boards, and instant messages for personal use.
And it's poor at that, because unless they're doing A LOT of non-work related typing, you don't really know how much time they're spending doing non-work related stuff. We all type at different speeds. Maybe it's all on their lunch hour.
Besides, you can check all that stuff in other, less intrusive ways.
Objective? Please. Except in obvious cases (like data entry as another poster mentioned) this requires subjective review by its very nature.
clearly the 'productivity' excuse is just a smoke screen, and their real goal is finding good free porn.
I want the job where they have no measure of your days work other than the number of times a key was pressed:
1.turn on key repeat
2.leave heavy book laying on keyboard
3.take rest of the week off and PROFIT!
Starsucks
In addition to writing software for the company I work for, I am also the system administrator. And I have been working in the IT world for about 6 years now. In that time, I have never read another persons email. I have never gone through their personal files. This is, of course, unless asked to do so by the owner of said objects. And to this day, I still find it completely ridiculous that anybody would find it necessary to spy on their users/employees by means of logging all keystrokes.
I believe that if a person cannot be trusted to perform the operations (s)he was assigned to, that they have no business working in the same company as me, in the first place. Maybe I'm too trusting. I don't know. But what I do know is that I am respected by my coworkers for being fair and not letting my power go to my head.
Having said that, I wish key logging were illegal in all states. IMHO, certain people need to lighten up.
My lame blog.
You can't tap a phone you "technically own" either, not even in the US. If you want to record a phone conversation, you have to let both parties know. Nothing odd about that.
The idea of needing to secretly log keystokes on an employee is ludicrous.
If you, as an employer, manager, etc, cannot trust the people below you to do the work you put before them, then why are they your employees?
When it comes to computers at work, I might need to fetch files from home, they'd log my personal passwords, and all other data; that's not only unnecessary, but unfair. I trust them to not snoop my personal data that may be transmitted through a work computer, and they trust me to get my work done.
Error 407 - No creative sig found
So it would make it illegal to have video surveillance too? If you can SEE the keyboard and the keys being pressed...Other than key logging being cheaper and the obvious format differences, what's the difference?
The problem with keystroke logging is how completely pervasive it is.
It's one thing to say "We'll read all your e-mail, and any files you save." That's reasonably "what you're doing on the company network."
On the other hand, suppose you get a phone call on your cell with fairly personal information. Your doctor's phoned you up to tell you the name of the clinic to get your AIDS treated at, for example.
It's not reasonable to say "employees shouldn't take calls like that during work," because doctor's offices run the same work hours as everyone else. So you take the call, you have to write down the name of the clinic. Ok, so you pop open notepad.exe to do it. You're going to write it down after, but the doc's talking fast enough, you don't have the writing skill to do it on paper.
You *know* it would be stupid to save this file on the company network, or e-mail it to yourself. But with a keystroke logger, even though you haven't saved it, it's recorded.
There are a hundred things like this. Who hasn't gotten a phone call from his or her boss, some extraordinarily irritating interference, and typed into his or her code "I would strangle this man if he weren't in charge of my paycheck..." then deleted it?
Finally, and most importantly, keystroke loggers intercept passwords. While it may be fine to check up on what your employees are doing at work, it is abhorrent to destroy their security on every single site they might visit.
Moreover, that information is not magically placed in the hands of "The Company." The Company is not a person. The administrator is a person, and while you as an employer may trust that administrator with corporate records, your employees have a right to have their bank account passwords kept out of that administrator's hands.
Computers are, at this point, far too much an extension of our minds to log every single keystroke. It's just too detailed, too internal. There are far too many easy ways to check employee productivity without resorting to this intimate spying.
In almost all cases, you can check employee productivity by watching out for sol.exe, checking the weblogs for things like slashdot or porn, and seeing whether the employee's work actually gets done.
The ends don't justify the means in this case. Keystroke logging is insane.
I didn't look this up, but I'm pretty sure the Alberta Privacy Commissioner only has authority over government employees/employers.
I think the submitter is wrong: I don't think this ruling has any effect on a private employer. So it's not really "illegal."
No, you can't *make* them work. But you can hire them, provided that they want the job. I don't see why this should be against the law. I know a lot of kids my age (~16) that break the labour laws of their own free will so they can make more money. It works out well for everyone involved.
If I own an ATM, should I be able to keylog your ATM password?
Ownership doesn't have a fucking single thing to do with it. I assume that where you work, the land is privately owned. Is the owner of that property allowed to do things to you that are against the law? No.
This ownership bullshit is such a weak argument, especially since it appears that the extention of the argument is that the government apparently shouldn't be able to create laws that dictate the way people treat folks who use their private property. The law supercededs ownership rights, and thank for that, otherwise we'd have a tough time going after child pornographers, drug labs, etc on private property.
But hey, if you support the notion that the laws should be set around the singular wants of private owners, you're invited to my house for a beati - er, tea party.
"Old man yells at systemd"
Could you reasonably be expected, as part of your job, to purchase something and then be reimbursed by the company? For example, might you have a business lunch?
In order to pay for that business lunch, might you have to log into your bank account?
In the perfomance of this work-related duty, is it fair that the network admin for your company now has your bank id and password, which would allow him, if he liked, to take your life savings and those of fellow employees who did the same, then run to Aruba?
Keystroke logging records passwords. No matter how scrupulous you are about not discussing your sex life on work time, any non-work passwords must remain sacrosanct. Keystroke logging goes over the line.
By no means should anyone think that keylogging is an "objective" way of measuring performance. Because employee A takes care of all her work and has some free time so she gets online and chats on IRC and employee B spends all day working on the same issues (and still doesn't get them fixed), employee B is not more productive then employee A.
We need to understand that a productive worker is one who makes sure the job is done, and it doesn't matter what he or she does in their downtime. Want to measure the productivity of the tech at the library? Are the computers he is responsible for functioning properly? If yes, he is a productive worker. If it seems like he has too much free time, give him more resposibility. If he struggles with it, can him or lighten his workload.
The Internet is generally stupid
If only keystrokes are logged, try:
// . com org (insert custom signs here)
abcdefghijklmnopqrstuvwxyz 0123456789 http :
and save it into "test.txt". Then it's only matter of copying and pasting text. You can use the mouse if you want.
results: Shift, right, ctrl-c, right right right right... etc.
It's not that there aren't workarounds. It's just that they haven't been found yet.
All the porn and warez my employees have been so diligently finding for me?
www.olin.edu
Then again, the toilet belongs to my company, and I don't want them watching me pinch a loaf....
i wouldn't want to work for a company that kept logs from the bathroom either!
How can it be the company's responsibility to police employee use in order to prevent kiddie porn, piracy, death threats, etc. on company computers if your hands are tied behind your back? Companies have been often charged for crimes their employees have committed...
At a place I used to work, half the people were salesmen, who, because they went out on the road all the time, had laptops. They would change their Windows XP passwords and not tell management. They would change MANY passwords (to supplier e-commerce sites, etc.) and not tell management. They would use Hotmail to avoid corporate email (which was logged). Our IT guy would go onto their computer when they were out at lunch to run Ad-Aware and the antivirus (salesmen don't give a damn) and would find MOUNTAINS of porn, half-finished resumes, and a copy of our entire corporate network on the guy's hard drive! That's not acceptable, and the guy was warned, but all he did was a) change his password, b) set his screensaver to password protected and had a hotkey to launch it whenever he got up from his desk.
The pendulum has swung too far against the OWNERS of the property in favour of the USERS of said property.
This just makes corporate espionage, like stealing customer lists and selling them to the competition undetected all the easier.
Set heavy object down on space bar and go to lunch; let auto-repeat do the rest! Seriously, anybody that is counting key-clicks to measure productivity is just asking employees to spend 8 hours hitting random keys, and not encouraging them to do useful work. They are rewarding the typists that make lots of mistakes, then need to go back and correct them, rather than the typists that enter everything correctly the first time!
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Since no-one has appeared to gone off to find this yet, here is the report of the privacy commissioner.
.. paranoid crackpot leftover from the days of Amiga.
Alberta is a strange place to live. We arguably have one of the most conservative (both C and c) provincial governments in the entire province, but the rulings on parts of social policy always seem to swing in every which direction.
The "as young as 12" thing doesn't surprise me, for years kids that age having been working through a loophole in the system where the "parent" is hired to do a job like being a paperboy or fast food but the kid does all the work and gets the money. What happened was the parents name and age would go down on the application, but the kids SIN (Canadian Social Security #) would be put down, so the kid even got the tax forms.
What I want to know personally is how this ruling applies to students (currently a university student in Alberta). I know that my High school had some hacked up version of tightVNC installed on each computer that at times would saturate the network, and made compiling when drawing on libraries on the network drive slow as death. While I would love to see the CBE get sued or similar over some keystroke logging issue, I doubt the privacy commission is going to listen to a bunch of whiney 17ish geeks. Eventually I just used a SSH tunnel to a Terminal Server at home for all the stuff I did at school, no screwing around with disks or network drives.
Medevo
(Speaking as a NetAdmin in Alberta) Seems like it may have been simply because the library in question didn't have a computer use policy.
From CBC.ca:
"The library has changed its policy, informing employees that they have no expectation of privacy when using work computers."
but I thought that was already on /. in a prior article - if not, it was one of the bills signed into law this session.
-- Tigger warning: This post may contain tiggers! --
This is indicative of a philosophical difference between Canada and the US. In the US, business is king. In Canada, business is a means to prosperity for the owners and employees. However, it is recognized that people have to work to eat etc and that business holds the advantage over their employees.
As a result there is more legislation regarding workers rights than in the US. For example, in the US, your boss can come up to you and order you to pee in a bottle to see if you smoked a joint recently. In Canada, unless you are a pilot, railroad engineer etc where your performance could hurt others, this is forbidden. Also, I was surprised to find that in the US, paid vacation time is not a requirement. In Canada, you are entitled to two weeks per year minimum by law.
There are other examples, but you get the idea.