US Firms Read Employee E-mail On a Massive Scale

An anonymous reader writes "In its fifth annual study of outbound e-mail and data loss prevention issues, Proofpoint found that 41% of the largest companies surveyed (those with 20,000 or more employees) reported that they employ staff to read or otherwise analyze the contents of outbound e-mail. 22% of these companies said they employ staff primarily or exclusively for this purpose."

No hidden agenda here

[Lord+Grey]

From ProofPoint's products page:

Proofpoint's unified email security and data loss prevention solutions provide complete protection against both inbound and outbound messaging threats. Learn more by exploring the Proofpoint Platforms and Modular Defenses links, below. Proofpoint solutions:

• Defend against inbound threats such as spam, viruses and denial-of-service attacks
• Prevent leaks of confidential or private information with robust, easy-to-use data loss prevention features
• Encrypt sensitive information, based on customizable email security policies
• Analyze messaging infrastructures and implement data loss prevention policies immediately
• Are available in multiple deployment platforms including hardware appliances, anti-spam virtual appliances, software and on-demand service

It may be just me, but I get really suspicious when a company in any business sponsors a survey and then uses the results to justify their own existence.

Is this surprising?

[Reality+Master+201]

Particularly for the Slashdot crowd? Hell, a portion of the readership is probably responsible for helping to implement such measures.

Don't use your work email for personal stuff. It was never a good idea, and it's becoming ever less of a good idea. Don't say anything in an email that you wouldn't say in person or in writing. Be professional.

Also, don't forward chain letters, don't send around forwards of kitten pictures, pr0n, jokes, political screeds, etc. etc. Most people don't want to get it and you're wasting bandwidth.

Re:Is this surprising?

[thermian]

having seen the amount of crap that gets sent around work email when it's not monitored, I can see the purpose of checking the email of employees.
Personal emails should only ever be sent from personal email accounts. That's just common sense.

After all, how dumb is it to put personal information into a system that is likely to see it archived for years in a system you are unlikely to have any control over.

Work email should be just for that, work. Just saying that won't work though, people, especially people who use computers, act with some kind of weird collective stupidity at times that can cause even the most sensible people to do and say things they would never do otherwise.

Better to monitor and make sure everyone follows the rules then have an email from your company showing up on the Internet saying something you would never condone.

Before any 'ooh, I've read 1984 so I am an expert on surveillance societies' morons chip in, I'm talking about the cold hard reality of business here. One wrong word can send stock prices through the floor.

"Otherwise analyze"

[Otter]

...staff to read or otherwise analyze...

I would imagine that that breaks down to 100% running scanners against email and maybe looking at flagged messages and 0% routine reading of email.

Given the tedium of slogging through just my own email, you couldn't pay me to spend all day doing that for other people.

Re:Surprise? Nope. I had a boss, once...

[Reality+Master+201]

And how long did you stay there? If it was more than 2 weeks past however long it took to find another job, you're a sucker. No offense, but that's some super-duper bullshit treatment.

Should this surprise anyone?

[Dreadneck]

Of course companies are going to monitor information being sent out over their internet connections. They would be crazy not to. Want privacy? Email on your own time and your own dime.

Re:It's a waste of money.

[maxume]

The shadiest thing they could possibly do is to monitor your email and not disclose it.

If they are disclosing that they monitor your use of their resources, you can choose if you are willing to put up with it or not.

Re:Your rights?

[Hankapobe]

I hope people realize this is evidence of how reasonable it is for a company do monitor your e-mail rather than acting like they are being violated. You can't chat online with babes all day.

I agree with you. Also, it doesn't even have to be like that.

I see it like writing a letter and using company letterhead - only it's a domain for email. Your correspondence can imply that it's part of the business of the company you're sending it from. Now, I know someone is going to write, "So, if I send an email from my Yahoo! mail account it implies that I'm doing Yahoo! business?!"

No. That's not what I'm saying. If I'm at my place of employment and send an email to someone that may be inflammatory, offensive, threatening, or whatever, someone can come back and say, "Hey, what's this? Someone at XYZ Inc. is threatening folks?!?"

Re:Secure your email

[Penguinisto]

Trust me - if the email admins noticed you, Joe Low-Level Employee, shuffling encrypted emails back and forth, you'd be frog-marched out of the corp faster than you can say "WTF?"

Small companies? One admin who does email in addition to everything else. Mid-sized companies? There's prolly one, maybe two dedicated admins, and they're more interested in using your emails as a means to track SMTP problems than in reading what's in 'em.

Large corps? Heh - you're just begging for attention if you start flinging around abnormal-looking SMTP traffic; esp. in really big companies that get a touch paranoid about such things as corporate espionage.

You'd be better off risking the attention of the proxy-minders with webmail than by dicking around with encryption on your email client. Using the proggies you linked to also tends to stick up like a sore thumb in any workstation app auditing... and you could conceivably get fired faster for loading unauthorized software onto your corp-issued equipment than a quickie email to your girlfriend describing in graphic detail at what you want to do to her when you get home.

Besides, most email admins have better things to do than grep emails (e.g. battle spam, figure out and fix bounces from remote mis-configured servers, curse at Verizon's RFP-non-compliant configs, keep enough inodes handy in /var, pound the load averages down to something sane, beg the powers-that-be for decent equipment, etc).

Unless your corp specifically has good reason to be ultra-anal about security (e.g. gov't contractors, Microsoft/Intel/IBM-sized corps, etc), then monitoring user emails with anything beyond simple log and traffic grepping tools is a waste of resources and time. Any company that spends more time watching their employees than their customers is a company that isn't long for the world these days.

/P

Re:Secure your email

[drsmithy]

Large corps? Heh - you're just begging for attention if you start flinging around abnormal-looking SMTP traffic; esp. in really big companies that get a touch paranoid about such things as corporate espionage.

There is an implied point here that deserves highlighting.

The people who are employed specifically to analyse outgoing mail, aren't looking for you emailing your girlfriend during working hours, forwarding chain letters, or calling your boss names. They're looking for the folks whose "inappropriate" mail will cost the company big $$$$ - corporate espionage, sexual harassment, etc.

Most people will never be in position to be monitored thus, because they'll just never be "important" enough.

Not even Google would allow "special" browsing ...

[AHumbleOpinion]

What I still don't get is why things like web surfing etc. are necessarily always seen as bad by companies.

Note that the original poster wrote 'I stopped "special" surfing at the office'. There is a pretty high probability that this is referring to porn. Tolerating employees visiting porn sites is one way a company can get sued. Of course while the solution described in this article is cool and amusing, it is probably another way to get a company sued.

Ever wonder why Google is so successful? ...

Inertia mostly. They had a brilliant idea a while ago and have refined it since then to maintain competitiveness. Google has done many cool things since then but they are mostly a drain on success or neutral, some mild successes, but no big successes outside the original domain. Also, it is doubtful Google allows employees to browse porn sites either. With their deep pockets their fears regarding law suits are going to be pretty high.

... Here's a hint: corporate culture and motivation

Clue: "Law of Small Numbers", http://en.wikipedia.org/wiki/Hasty_generalization. :-) Google pretty much has a dot bomb culture. I think the spectacular success of one instance of a dot bomb culture is distracting you from the many failures. It is premature to say that Google's success is due to anything beyond a brilliant idea at the right time combined with rich angel investors. Their initial success and its continued dividends allows them to afford many inefficiencies, perhaps many elements of their cultures fit into this area. Keep in mind that success can hide inefficiency and that the true causes of success are sometimes erroneously attributed.

Now at least one element of Google culture, allowing employees the time to work on pet projects that many benefit the company, may have a proven track record. 3M allowed this for decades and many useful products emerged. Google may follow 3M's lead, but it is a little early to pass judgement.