Employee Monitoring
CWmike writes "Michael Workman, an associate professor at the Florida Institute of Technology's Nathan M. Bisk College of Business, estimates that monitoring responsibilities take up at least 20% of the average IT manager's time. Yet most IT professionals never expected they'd be asked to police their colleagues and co-workers in quite this way. How do they feel about this growing responsibility? Workman says he sees a split among tech workers. Those who specialize in security issues feel that it's a valid part of IT's job. But those who have more of a generalist's role, such as network administrators, often don't like it. Computerworld contributor Tam Harbert found a wide variety of viewpoints from IT managers, ranging from discomfort at having to 'babysit' employees to righteous beliefs about 'protecting the integrity of the system.'"
Monitoring other employees' computer usage - one of the many non-value-adding tasks that have found their way into large corporations. It ranks up there with human resource departments!
You have to know when to police people. For example, I only talk to people when their porn viewing habits get so strange that they start to expose the company to all sorts of lawsuits.
Society is growing used to more extensive monitoring overall. We monitor our babies with webcams. The webcams are then used in schools to monitor classrooms and playgrounds. When we grow up, we rename them security cameras and appoint low wage individuals as our watchmen.
In some areas of the world such as the UK, computers are already being used to analyze the images from the security cameras. Storage capacity grows, and data gathered from the image analysis are stored for a lifetime. They can be used to enhance the analysis of your children's children. The ones who protest are considered suspicious with "something to hide". The ruling class are the only ones exempt from monitoring.
In the next step, computers are used to analyse images from private bedrooms and bathrooms. After all, who needs to worry about privacy when it's only a computer watching. It's all about protecting us from the boogey man. Think of the children!
Resistance is futile. You will be monitored.
Tell your friends about xenu.net
That's what you think, Fido. I'll just shut the curtains, shorten your chain around that tree, and let you eat grass until you stop peeing on my carpet.
"He goes through the logs to see if there's anything in there that needs to be exposed or discussed." Activity related to porn, gambling or hate speech automatically raises red flags, he says.
He once caught an employee who was engaged in criminal activity involving intellectual property that could have resulted in a big financial loss for the company.
Many years ago, I was in the company's server room talking to a buddy and he mentioned that an employee was taking up quite a bit of drive space - with porn. The guy had a problem. All you need is one guy with a problem like that to download some kiddie porn and your business will be shut down and you go to jail - over an employee with a problem. The guy I mentioned was talked to and I think he was asked to resign.
Observers say IT managers can expect to be asked to take on even more monitoring duties, such as reviewing video surveillance, examining text messages, tracking employee location by GPS or listening in on social media.
That's going too far. Come on - a Stalinist company?!?
Larger companies have started to hire third-party firms to monitor what's said about them in the blogosphere and on social media sites, but in many midsize and small companies, this duty could fall to IT.
That's also going too far. It's one thing what an employee does on company time and with the company's resources, but what they do on their own time - as long as it's legal - shouldn't be a company's business.
RIP America
July 4, 1776 - September 11, 2001
As I tell my customers when they ask, "You can't fix behavioral issues with technology." If employees want to waste time instead of working, they can surf the web or send chain emails. Take that away, they can play solitaire. Take that away, they can gab around the water cooler or stare into space and day-dream. Blocking porn and gambling sites is probably a good idea for liability purposes, but I can't see that it helps productivity.
Most frequently I'm asked to look at log files or email and tell employers things that I simply cannot know. I can tell them that an employee didn't log in to their PC until 10am, but I have no way of knowing when they actually arrived at work.
Unless you are working for a Fortune 500 company whose image is often worth more than its current product lineup, who cares? The only filters I have ever run at a company I did IT for was for a list of words that included Lolita, Child Porn, Underage, No-nude and Preteen. We caught one contractor during the 8 months I worked there and it was his personal laptop, so we contacted the FBI. He was arrested on suspicion and they found enough Child Porn on his home computers that we never heard about him again. I moved before it could be brought to trial.
People surf porn at work; that is just going to happen. If their work does not suffer and they are adults, it is far more worthwhile to spend time worrying about security, which can get you in real trouble.
An Education is the Font of All Liberty
I personally don't care what other people do in general. I am not their boss, and it's not my job to police what they do during work hours. I do keep logs, so if a person's manager wants to see what they've been doing I can give them a report. The only thing that I personally care about is employee behavior that may compromise my network. I do watch TCP traffic for abnormalities, and do have a black list of sites that will alert me if someone tries to visit something dangerous. Other than that, I really could care less if someone spends half their day on Facebook. It's not my job to make sure that other people are working...
If a man isn't willing to take some risk for his opinions, either his opinions are no good or he's no good
When it comes to being employed, though, bosses and managers have always watched their employees to some degree -- that is, of course, the purpose of being the boss. A good boss knows what sort of things are worth confronting an employee about -- maybe it is OK for someone to be chatting with their sweetheart, as long as their work is getting done, but maybe it is not OK for someone to be watching their sweetheart stripping in a video chat even if the work is getting done.
TFA raises a slightly different issue: when one employee is asked to monitor the others. Sysadmins should not be asked to take on the responsibility of watching employees; that is a manager's responsibility. If the manager is not technically competent to monitor computer use, then there is a question of why that person is managing people who use computers for their work -- the manager should be competent with the equipment.
Palm trees and 8
...our Boss does not want to monitor our employees.
However, as IT we know that SOME monitoring has to be done. We have found out that MOST of our monitoring does not even need to take place. We simply restrict access through Active Directory and DNS.
I'll try anything once. Twice if it tastes good
we pretend to work; they pretend to pay us
Domestic spying is now "Benign Information Gathering"
If production output cannot be monitored then most businesses would like to monitor the distractions.
I had one company I was doing some extra work for on the side pull me into the manager's office to question me about the number of personal calls I had during work hours. I understood their point but kindly related that it was my girlfriend who I would talk to and I worked while I was on the phone. Which is basically me saying yes, uh huh, and wow for about 20 minutes just to make her happy. Btw I work 2 full time jobs doing tech work. Which they understood before me entering.
I don't blame them for wanting to get the most for their money but the days of the I pay you to do this and only this are well gone. There are a lot of things they expect outside of the hours I'm paid for. If I have to keep up on like education, events, practices without compensation then it is a trade off.
Eventually I resigned after I worked 2 weekends of overtime remotely for them. I was supposed to be paid but they tried screwing me over and not paying me OT. I eventually got paid, but from my standpoint the Employer has all the leverage.
Since today's job world is so intertwined with technology, yes, it's now part of the job of IT.
---- Booth was a patriot ----
Honestly, in the IT departments I've worked in that do care about monitoring, it really lets you easily know who has fascist tendencies (not surprisingly, they also tend to be severe hypocrites). That's not to say that anyone who cares about monitoring has fascist tendencies, but there are certain types of people who really seem to relish the power/authority that monitoring gives them.
The real problem with official monitoring duties is that you have to send the results to management instead of the local newspaper, or maybe a television show.
I am officially gone from
and they hire some wanker to perform a six-figure vapor-job such as "business development" and I find his user/IP spending 5 hours out of the day on time-wasting sites, that's when I take the report to the COO. Don't hack and slash IT resources to let some slacker take up my bandwidth with car races on YouTube and 360.
underpaid (if only in my mind): check.
bitter on weekdays: check.
vindictive: check.
I worked IT at a mortgage company run by someone without much in the way of morals. He wanted a print-tracking solution to monitor who was printing and what they were printing. As it happens, I later worked for a company which provided this exact solution, but ultimately it didn't matter because what he wanted was something he didn't want to spend any actual money on, and at the time any solutions were resource-intensive for a file and print server running on a then-midline Pentium 166 MHz, so it would have required spending money on hardware upgrades, too.
He wanted this solution to protect his leads, which he was convinced were walking out the door from employees taking them and selling them to his competitors; ultimately, it was one of those cases of suspecting other people were doing exactly what he would have done in their situation. I suspect there's a fair amount of this attitude, and it's probably more common in smaller businesses than Fortune 500 companies, who are generally more interested in liability.
It comes with a worker's willingness to work for you. If he WANTS to actually work for you instead of just getting paid for spending time at your office, he will work. Else he will do a half assed job, surveillance or not.
If you give your employees freedom and the ability to actually enjoy working for you, they will be much more productive. Because they WANT to be productive. Because they WANT your company to be successful, because that means they can keep that job. Sure, you will always have the ones that slack off, and not putting an eye on them constantly sure gives them an easier way to do that. But their coworkers, the ones that actually want to work for you and do want your company to thrive because it means a good, enjoyable job for them, will quickly identify such slackers and they will do the surveillance for you. Peer pressure can be quite powerful, to the point where your slackers will quickly realize that it's not the boss but the other employees that get angry with him if he's not pulling his weight. Plus, you can do without the investment in cams and surveillance staff. Your workers will do that for you. For free.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
How many workers really need an Internet connection at their desktop? Probably not nearly as many as corporate America thinks. In many offices, I'd wager that having a few, very public Internet machines for work-related research would solve most of the problems without a loss of privacy on a daily basis to workers.
For most workers, I bet it's not only a bad temptation on their desk, but not even necessary. A lot of offices would probably be better off if communications had to be done more infrequently and more thought-out instead of as fast as someone can write up an email and add recipients.
It happens, and if it's not done by IT, monitoring just gets done elsewhere. The thing that baffles me is that people are surprised when it happens. All that being said they have much stronger laws on privacy in Europe than here in the US and you have to be aware of international laws for such things. You can rack up some pretty serious legal fines or jail time depending on what country your employee is working in, and even more if the data is brought back to the US (as we have horribly weak privacy laws). If you're not careful you can readily have violations of HIPAA, SEC rules or SOX as well.
All that being said, when monitoring inevitably comes up, your job is never to say 'no'. If you do that they will simply find someone else and you will have damaged your career. Your job is to ensure that if it has to happen it happens in full compliance with the letter of the law and any special rules that affect your organization. You'd be surprised at the dollar amounts fines start at; it can easily be six figures. After presenting all the legal requirements to perform a given piece of monitoring to your management, don't be surprised if they back off altogether.
Monitoring has its place. I try to encourage managers to use monitoring tools like a surgeon's knife, not a chainsaw. I've known of employee backlash that can cause significant employee relations damages to organizations when tools were used overly broadly. And for crying out loud, if you're at work, assume you're being monitored and work accordingly. Whether you telecommute or otherwise, you never work in a vacuum.
So, only "sick porn" as you define it is not ok?
Bestiality fine.
Gay porn - fire the guy!
Definitely the way any company IT Data Security rep should behave.
> we pretend to work; they pretend to pay us
Unless our paychecks (and the money we get when we cash them in) are a figment of our collective imagination, there is strong physical evidence that suggests they indeed do pay us. Maybe not in imaginary worlds, but certainly in the real one.
The security personnel are in charge of maintaining the health of the network and its related assets from a Security standpoint.
The problem with monitoring employees is that you find people enforcing their own beliefs and requirements with what they think is inappropriate. That results in various personnel interpreting the rules differently, which is unfair to the people being monitored.
Also, it's not our job to monitor what people do, it's up to the management structure of those people to make sure they are being productive and doing their jobs. Only when what a person does puts the network at risk should security personnel ever get involved.
I came, I conquered, I coredumped
Time is money. Information is money. Liability can mean loss of money.
Cashiers in banks and many businesses are under constant observation, has been that way for decades.
I am in the IT field, and I have been working with the assumption that whatever I am doing, 100% of it, it has been recorded. Although I am pretty sure (LOL, you never know!) that isn't happening. But I have always felt I should do nothing at work that I couldn't defend. I shouldn't be doing anything to be embarrassed over. I should be doing WORK anyway :)
Now I agree, outside of work, shouldn't be observed. Although I view myself as a professional and I do feel I shouldn't do anything to embarrass my company on social sites. Those sites are public. Especially if I advertise I work for a company on a social site, I should do anything that would cause harm to my company.
Don't get me wrong, if the company abuses this and questions every little mistake...it is time for me to find a new job.
Then be prepared to follow a very boring, monotonous, time-consuming "PROCESS" :) Which I will have to fill out forms, get manager approvals. Fine by me. More money wasted.
I realize it's a matter of perspective... hell I've filled both roles so I know how it goes. However, the "generalist network admin" is monitoring employee actions and behaviours already. If they're not, then they're not doing a very good job. The perspective difference comes in the fact that most of the time said generalist is doing reactive monitoring, not proactive. As a result, the network admin typically does not realize that someone is attempting to compromise systems until the attempt is already occurring. There is a certain amount of proactive monitoring that the generalist does, but it tends to be limited.
Proactive monitoring at the employee's desktop or application level does sometimes tend to highlight trends in employee actions before they get anywhere in a compromise situation. That means that the good generalist with a wider scope will be able to predict much better that problems are or will be occurring and take appropriate actions.
Now, the upper management trend of monitoring just to see exactly what their employees are doing... this I also think is fair so long as the rules are advertised and applied evenly. Remember, we are at work doing a job because we can and do. We are using company resources to do so, and we are paid for our work. I'll leave the conversation about whether we're paid enough to the individual, but I would contest that the best paycheck you're going to get from the job is about the same or less than everyone else in your field and location are demanding. Economics at work.
There is a point at which the monitoring becomes too much. I know my web habits are monitored by my management but I feel I have nothing to hide. I can justify every site I visit and the length of time I spend on those sites because when I'm at work, I'm working. I save personal web surfing for breaks or lunchtime and my management understands there are a few personal websites I visit on a frequent basis. Like Slashdot. I have worked in a much stricter environment where they absolutely stated no personal web surfing at work, and that was also fine because I just found other things to do during break and lunch. Note that I was also far more likely to go out and take my 1 hour lunch because of this policy... my current work environment's policy of "personal stuff OK at lunchtime" means that typically I'm at my desk during lunch so if something comes up, I'm here.
Maybe I'm just getting old, but I think the summary and the article are making generalizations that cannot be supported in the real world. Even when I started out as a junior network admin some 20 years ago give or take I understood the need and desire for monitoring employees. Since I also owned my own business for a while, I know what that desire is like but recognize that there's a balance to be found between "big brother" and "free rein".
> Unless our paychecks (and the money we get when we cash them in) are
> a figment of our collective imagination,
Well, actually... unless you get hard gold-backed cash in your hand then yes, your pay is imaginary.
I refer the Honorable Gentleman to the concept of Money Creation
we need a -1 *WHOOOSH* mod
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
What the hell are you going to do with gold when the zombie apocalypse comes? Eat it?
No, your currency needs to be backed by canned beans.
> When it comes to being employed, though, bosses and managers have always watched their employees to some degree -- that is, of course, the purpose of being the boss.
No, it's not. The purpose of being a boss is to set direction for and co-ordinate those who work under you, so that the individual contributions all advance the overall plans.
There is a certain type of person who does think that being the boss is primarily a power trip/disciplinary role. Such people usually live in middle management in large companies, because they are basically a waste of space. Small companies can't afford to have the dead weight, and large companies won't promote them to a level where they can do any serious damage but usually have too much bureaucracy to effectively detect and fire them.
Trust is a prerequisite for any employment relationship. If you don't trust the people working for you to do what they are supposed to without routine monitoring, then you have bigger problems than whether the monitoring itself is justified. Indeed, one could make a reasonable argument that routine monitoring implies a breakdown in the fundamental trust relationship between employer and employee, which would itself be immediate grounds for a constructive dismissal lawsuit in this country.
I can understand running automated tools to prevent, say, leakage of sensitive data. I can understand running automated tools to scan incoming data for viruses. This sort of thing is, sadly, reasonable for protection and sometimes necessary for legal/regulatory compliance in the modern world. However, it should rarely if ever disrupt an employee going about their business, and no-one else should be directly involved unless a problem is detected.
I can understand general performance monitoring. Recognising staff who do well is valuable. Helping (not attacking) staff who underperform is valuable. Firing staff who underperform and cannot improve is, unfortunately, sometimes necessary. But none of this stuff requires intrusive, minute-by-minute monitoring and recording of the kind we're discussing here.
The only time direct, intrusive monitoring is used should be when there is already a credible level of evidence of serious wrong-doing, and confronting the employee about that wrong-doing directly would prevent proper investigation. And in those circumstances, I tend to ask why the company is letting some next-line-up manager or IT/HR goon do the intrusive work. If it's that serious, the higher-ups should be calling the authorities, or at the very least passing a case file to internal security/legal staff who are required to handle the investigation with suitable discretion and a lot of accountability.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
This is really a non-issue. Every so often we hear that there's a new problem or new approach to solving a problem. Names change but solutions remain the same. Whether it's grid technology or cloud or distributed computing or what have you, the "paradigm" may change but many times the technology is relatively unchanged.
For monitoring employees the obvious solution, though perhaps no longer a "hot" tech, is to install SNMP on each employee. If privacy is a concern, ensure that SNMPDv3 is used. This solves not only the more general problem of availability, but the beauty of SNMP is that it can be customized for each employee. You can now easily report back on CPU (i.e., brain) utilization, idle percentage (coffee breaks), etc. SNMP also allows a "write back" so that the monitoring station can send information back to the client/employee.
I'm disappointed that this was not mentioned.
> What the hell are you going to do with gold when the zombie apocalypse comes?
Bludgeon the zombies with the gold, classy and effective.
"He is so stupid. And now back to the wall!" Moe Szyslak
The average, typical IT tech lacks the "touch" when it comes to employee monitoring. Give the monitoring tools, or reports from such, to the HR guys, whose ultimate responsibility this should be.
Employee monitoring is in the position today where web page creation was 15-20 years ago. It was an "IT Function," because the tools were new and computer-y. Eight million "blink" tags and six hundred thousand animated "under construction" GIFs later, the tools made their way over to the Marketing and Creative Services people, and civilization lurched forward.
Of course, there were always the techs who fancied themselves designers, from whose fingers the tools had to be pried away. I suspect there is more than that many techs who have gotten more than just a little bit comfortable wearing the Big Brother jackboots as well...
They could also accuse the company as being a front, such as here
So again, you are wrong.
I was given a task of trying to find a way to monitor pc usage time and what apps were being used, for how long, etc.
I got my hands on Spector 360, which is a great app, and the engineers there are very up to date with all the kernel hooks and such, so when you need a customized or specific task, they understand what you are about.
I also was asked to set up certain reports to show what activity was going on (Spector does this on its own), and my boss became his own policeman. Better the boss review any materials than any biased person at the company. He can also decide what recourse to take... In the end I found Spector a very good tool, except it always needed admin privileges to run, which I could not understand why they did that, but all in all a very useful tool.
So a chore that would have been a full time job became my boss's pastime; all I had to do was maintain the installations, and the rest was so user friendly.
Or one of several cynical views.
You could take the anti-monitoring view and just bury all but the most egregious stuff or whatever minimum is necessary to keep from looking like you're not doing your job, up to and including submarining the monitoring effort through "problems" with the monitoring setup that require constant upgrades, maintenance and activities that take you away from your "real" job and render monitoring semi-worthless. People you like could be quietly advised that their computer is being flagged for "performance problems" and they should avoid "non-work tasks".
You could take the "info on my enemies" view and look at it as a chance to dig dirt, keeping the juiciest info for yourself and passing along the trivial stuff, using the juicy info to damage enemies.
The thing I think is weird is that you get exposed to all the pervs in the office. I found one guy who was highly respected, married with a young child, a church-type who was into some weird sex thing where he swapped half-nude self-shots with other guys dressed in expensive suits and jacking off. This guy made six-figure coin and there was always a remote temptation to confront him with his pix and collect a second, cash-only income lest his wife and pastor get in on the picture collection.
But I decided extortion wasn't my thing and figured anyone driven by that kind of sex craving and keeping up that facade was taking all the punishment he needed.
Greetings and Salutations....
A few years ago, one of my clients asked me to generate lists of the websites their employees had been on, and how long they had spent on the sites. Since I run an in-house DNS server, not that hard to get. Well, I ran the reports for a few months, then the project was quietly dropped. Why? It turned out that the only folks that spent significant amounts of time on porn sites and other non-business sites were the President of the company (who had ordered the reports) and his wife, the CFO of the company.
And THEY were burning a LOT of time on non-business related entertainment and shopping!
What was really amusing to me about this was that these two folks had the attitude that they were the only ones doing anything positive for the company, and, the employees were the enemy - and were spending all their time trying to steal time and resources away from the company, cutting down on profit margin!
Regards
Dave Mundt
YAB - http://blog.beemandave.com/
You know, I'm SO sick of the total bullshit line of reasoning that people like you keep giving for gross violations of our privacy, not to mention keeping people like me from doing my job.
Okay, so your company has a policy of not allowing me to browse porn on the Internet, woohoo. Why is it that you jump to the conclusion that the only way to make sure this doesn't happen is to monitor every single web site that I browse? Why can't you just have a policy of, hey, if management has some reason to think that KingSkippus might be up to something, then look for something fishy?
Ponder this. I'm pretty sure that my company also wouldn't like me browsing porn magazines at work. They'd probably get quite irate if, in the middle of the day, I pulled a Hustler out and started flipping through those oh-so-sweet pages. So is the only answer now to have security guards posted at every door to pore through all of my possessions as I come and go, making sure that I have no porn in my physical possessions? I also carry a 4 GB USB drive everywhere I go with some basic troubleshooting tools and electronic copies of documents that I like to have on me at all times. Every time I enter the building, should I be strip searched and, when such a thing is found, every file inspected to make sure that I don't have dirty pictures on it?
No, the whole "We must monitor EVERYTHING!" is just a BS policy made because people like you get off on your power trip.
Legally, it's really simple. You create a policy that says that if you're caught browsing porn on the Internet, you get fired. Managers back it up with action by, when people are caught browsing porn, they fire the person who was doing it. There's no need for stupid ass content filters, treating everyone like they're 13 year olds, to ensure this policy, any more than there's a need for strip searches or searches of all physical possessions. If a company gets sued--and make no mistake, they will get sued no matter what policy they have--they show the judge the policy and their record of upholding it, and that's that.
I defy you to actually cite these throngs of "all sorts of lawsuits from sexual harassment to violation of ethics laws," especially the ones where the court found a company liable because they didn't have a content filter in place with people like you watching everything everyone is doing instead of enforcing the policy when violations were reasonably found Big Brother-style. As long as we're talking anecdotally, you know who I've heard does the most browsing of porn on the Internet? High-level management. True story: at the company where I work, most of the executives have been given explicit exemption from our content filters. As for the "ethics laws" joke, discover the wonderful world of "situational ethics" and then explain how you're protecting a company that deliberately puts a clause that says, "From time to time, the firm may waive certain provisions of this Code" in its Code.
The truth of the matter is that my company spends WAY more on content filters and salaries for people to set them up and monitor them, not to mention the cost to the business when they break and the Internet becomes completely unavailable, than it would on bogus lawsuits that would have been brought anyway. The whole "you need content filtering to protect you" is a scam perpetrated by content filtering companies and people like you who would probably lose your job if management figured out the truth and actually cared. (And, more importantly, did their job of dealing with these issues instead of foisting them on the IT group.)
Back in the mid-90s, my boss read an article that explained about how login scripts could be used on Windows 3.11 to do things like delete Solitaire and Minesweeper and replace the desktop background with a forced company standard. The next thing I
At my last place, I'd often work a bit of overtime in the evenings, and I came to know the security guards quite well. I had to walk past the block they were based in, so I'd always pop in and say hello (and usually ended up chatting for an hour or more).
By contrast, there was some shiny-suit type in that same building who, if he even acknowledged the guard's existence, would give him (and me) a filthy look and keep walking. Naturally, one guard started wondering what use this guy was... and filmed him through the window, from the CCTV camera on the opposite building. For an hour. On overtime. Surfing porn. I didn't see Shiny-Suit Guy after that.
Moral: if you're going to misbehave at work, keep Security sweet :)
To quote Doug Gwyn, "UNIX was not designed to stop its users from doing stupid things, as that would also stop them from doing clever things."
In Unix, one of the design principles is that you can do anything, even something insecure and stupid, but we can always find out what you did and whack you over the head.
Auditing what your users do so you can diagnose an error later is roughly O(n) with the number of errors. Predicting what users should be allowed to do and granting them permissions is maybe O(n^2) or worse with the number of things allowed. It works, but only for small numbers of allowed things. Watching everything users do doesn't scale at all: worst case, you could need as many sysadmins as users, O(n) with number of users.
--dave
davecb@spamcop.net
AT&T doesn't even let you see the web except for a few whitelisted sites.
Their filter allowed *.org (like slashdot.org) and a few comic sites, so while there was downtime, a few employees would try to find something they could read.
Unfortunately, for the management of the day, this was unacceptable because it was "wasting bandwidth".
See, that I have a bone to pick... If you are not going to provide the employee with something to do during downtime, this behavior happens and is preferable to SNOOPING AROUND the company systems. So after being warned about that stupidity, I instead started reading all sorts of stuff management had in "readable to everyone" places using the company's own search engine.
So instead of reading about what calvin and hobbes might be doing, I instead read about potentially damaging internal policy that the management couldn't tell if I was reading it or internal policies.
Gee thanks.
This same call center also prohibited people bringing in books.
It isn't just pornography that is blocked. What surprised me about the web-filtering at my work place was blocking of political sites of the far right, like The Occidental Observer Blog, The Occidental Quarterly Online, and Vdare.
Vdare isn't even that extreme. They are pretty mild in their criticism of Jewish power. Their main focus is on immigration and its harmfulness to our country.
Basically, if you like this sort of thing, you are a sociopath in serious need of a boot party. If you don't, you are a reasonably well-adjusted adult.
Because my work does not mind if we browse internet, access web mail, download/upload files, install software (we are all administrators on our computers), listen to online radio, watch the world cup etc. and we also all have VPN access to our computers from anywhere to do some work in crazy times of day if we feel so inclined.
They treat us as well paid professionals and expect results from us. We are supposed to deliver on agreed deadlines and we usually do. So, if I read Slashdot from time to time, check the news or chat to my wife here and there for a few minutes, and it does not affect my productivity (i.e. I'm not doing my job to the standard or above expected of me in this company) then no one sees it as a problem.
It's only in rare instances when people don't perform satisfactorily that questions arise how are they spending their time and what is wrong in general (but still no one monitors them even then).
I find this freedom really helps with the morale of the people, the sense of trust in you as an individual it provides, and it liberates you to be creative. If you have an issue with this much freedom and could not control yourself and spend ALL your time online playing games and looking at porn, then you probably should be monitored and you most likely would not get through our interview process anyway.
As a matter of fact I don't think I could work for a company that does not treat me as a responsible adult and a professional. Imagine if hospitals monitored their doctors to make sure they are not checking personal email or make sure they are not telling nebulous lies to their patients? It's kind of the same.
As the island of our knowledge grows, so does the shore of our ignorance.
Sorry for the double post, but I did want to say a few more important things.
I don't mean to imply that all IT security people are on power trips. I know a lot of them, and my job has me working with them a lot. Most are fine, upstanding, ethical people. A lot don't like doing what they are mandated to do by their corporate overlords. Most only do so as much as they have to.
But they're a bit like cops, as most cops are fine, upstanding, ethical people. Still, there are a few who really get off on how much access and control they have, and they use it every chance they get. They're the ones who like to brag to me, "Watch how I can access this random Schmo's desktop. See? They don't even know I'm doing it!"
I'm also not pretending like there should be zero interference with the network. I'm painfully aware of the problems that viruses, trojans, worms, phishing scams, etc. pose. The only reason I would ever advocate having a content filter is for that purpose only, blocking sites that are literally dangerous to be accessing, stuff like malware sites. I'm also for virus scanning, as that's a necessary evil as some people still do stupid things and not 100% of security threats can be caught.
What I object to, though, is this philosophy that we have to protect companies from people wasting valuable time or productivity. That's not IT's job, that's management's job. If I want to check my e-mail from work, there's no reason why I shouldn't be able to check my damn e-mail. I also carry a smart phone and an iPad, so you really can't keep me from checking my e-mail anyway. (Or for that matter, goofing off with the many, many games that are available to me. Or for that matter, even--gasp!--browsing porn!)
I'm just sick of companies spending stupid amounts of money to save pennies in productivity and grossly violate people's reasonable expectation of privacy. It's not right, and given the GP's defense of such policies, it sounds like he has already drunk the corporate kool-aid.
If the BOFH has taught the IT world anything, it's to always monitor your co-workers. This provides potential means for extortion if there would ever be talk about you being fired or replaced as well as an easy and effective way to climb to the top at startling speeds.
Would you hug a bear?
No, the whole "We must monitor EVERYTHING!" is just a BS policy made because people like you get off on your power trip.
For some? Sure. There are always going to be petty bureaucrats who enjoy power-trips.
But that's hardly the only reason for that type of policy. Here are a few I know of off the top of my head:
As you may be able to tell, I have been responsible for setting up some such monitoring at my company in the past (though it has since fallen into disuse, largely because we laid off 3/4 of the employees...). Though I have no problem with a certain amount of incidental web browsing, there were people who were spending essentially the entire day streaming video (which clobbers our relatively small pipe), browsing MySpace, or playing Flash games. And yes, a couple who would browse porn. (And then there were the one or two who would download games to install onto their computers which turned out to be viruses. So we'd have to clean their computers and explain that that was bad. And then they'd go and install the same bloody virus-ridden game. Again.) It's one thing to poke around a little—or post on Slashdot—but when there's urgent business that needs doing, and it's not happening because you're goofing off...I mean, yeah, that's an issue for HR, eventually, but it seems to me that it is IT's responsibility to at least take basic, reasonable steps to see that those specific temptations are not available.
Dan Aris
Fun. Free. Online. RPG. BattleMaster.
We pretend to work, they pretend to pay us
Is an old expression from Soviet Russia
I disagree. It's the function of a security professional. It's the function of someone who has no axe to grind with the employee, who can be impartial, and who, at best, moves in an entirely different world from the employee. Las Vegas casino security employees don't, for example, fraternize with the frontline employees.
Monitoring needs to be fair for a whole bunch of reasons that should be obvious and don't bear wasting time on in this post. Fairness, however, is difficult to achieve when the person doing the monitoring is known to or works with the employee.
Again, I disagree, and not just with the notion that the manager is doing the monitoring. Fair monitoring requires a statistically valid sample of data (something most managers can't figure out) to be reviewed by someone who doesn't know anything about the employee (again, removing managers from consideration) and this is best done with some rather esoteric sampling and reviewing tools. Asking a manager to learn such tools is a silly distraction from their core duties.
If the monitoring function turns up something interesting, then and only then should managers become involved. At that point, managers consult with monitors and provide their feedback on whether the situation is a harmless part of the job, worth more extensive monitoring, or cause for action. Making judgements like that is what managers do; not staring at a terminal trying to decide if a sample of web pages accessed is part of their employees' valid duties.
Of course, managers also monitor job performance. If an employee is performing suboptimally and the manager suspects computer misuse, then that manager should be able to drop a note to the security function and request heightened monitoring. Actually *doing* the monitoring, however, should still remain a task done by someone outside the regular work-process loop.
I can see this one from both sides. On the one hand, I work for a privately-owned mid-sized manufacturing firm that wants to retain its familial feel and allows for limited, periodic personal use of network resources. Some members of management here want me to install web monitoring software to keep tabs on their direct reports' usage habits, but I've resisted because there's no one here to take on the monitoring.
At the same time, I lose many hours each week troubleshooting issues caused by users who misuse their network access, whether intentionally or through ignorance. I have one user who regularly chokes our Internet connection (an aDSL connection) because he floods our mail server with forwarded crap, often sending multiple messages that are each 5Mb or larger to dozens of recipients. He reports directly to the president, who is a primary source of many of his forwarded messages. Even though one of the president's biggest pet peeves is when our Internet connection is slow, his own actions contribute to the problem.
Then there are the Facebook-aholics, who bring in more than their share of malware. I've had to clean the head of HR's PC from the Zwinky Toolbar, Smiley Central, and countless other trojans over the past few months. Infections returned mere days after deploying a new machine, demonstrating that the user was not abiding by our computer use and network security policies, and was ignoring all of the training I provided regarding the source of such infections.
Returning to the other side, being the only one here in the IT function means that everyone knows who is doing the monitoring and reporting things to management. When you're trying to build a relationship with your customers (in this case, other staff) based on trust, it's much harder to do when employees view you as a snitch who they perceive to be out to get them in trouble. It's also ulcer-inducing stuff. I need to walk into the president's office in a few minutes and talk to him about his direct report, the one who keeps forwarding junk through our servers. Of course, in doing so, I'll also be (directly or indirectly) pointing the finger at the president, who is smart enough to realize his part in this (that he's the source of many of the messages) and that if I've seen one user's misuse, I've likely seen his as well.
I'm looking forward to the day when we can deploy Windows 7 here, so we can move away from the user-as-Admin model, but many of our core line-of-business application vendors don't yet support Windows 7, so I'll just keep on keeping on.
It's hard to teach fire prevention when you spend most of your time fighting fires. Something needs to give.
I use irony whenever I can, but my shirts are still wrinkled...
Ideally it's not the job of the IT guys but that of a trained and outsourced security officer. A large security company has all the routine and resources to maintain this operation, and a reputation to uphold.
Plus the guards are actually very unlikely to go rogue, to comment on what they have seen, or to be the worst culprits themselves.
You can have the regular IT crew keep an eye on the security staff if you feel the need.
All rites reversed 2010
I just finished reading the Zombie Survival Guide and nowhere in there does he mention the use of gold bricks as a weapon, but I think you're on to something here. Just because the world has turned into a disease ridden hell hole full of the undead corpses of those you once loved doesn't mean you can't protect yourself in style. You, good sir, are a visionary.
What the hell are you going to do with gold when the zombie apocalypse comes?
Bludgeon the zombies with the gold, classy and effective.
Given that gold is one of the softest metals available, I take issue with "effective". Sure, Zombie's brittle bones will shatter if hit with a log of fresh goat cheese, but what happens if you accidentally connect with a Non-Zombie Item (NZI)? The NZI will wreck your Zombie Defense System (ZDS), and then welcome to the Great Zombie Army (GZA)...
You are in a maze of twisted little posts, all alike.
You are correct. I thought about it AFTER I hit submit. Please to forgive.
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
A brick sized amount of gold is around 40 pounds.
Yes it's soft, but it's super dense. If you can make a hollow sledgehammer out of something strong then fill it with gold, you could bludgeon someone's head off in one good smack.
How does this work? I don't get how companies would 1) know what your blog or social network ID is, and 2) how would they have access to it?
There are 11 types of people, those who know unary and those who don't.
That's why my second job is paid in trade.
They pretend to pay is correct, because it's such a small fraction of our creative productivity's worth.
Pulsed Media Seedboxes
> Unless our paychecks (and the money we get when we cash them in) are a figment of our collective imagination,
Well, actually... unless you get hard gold-backed cash in your hand then yes, your pay is imaginary.
I refer the Honorable Gentleman to the concept of Money Creation
Well, I guess everything I possessed that I've paid out of my salary and that I own in full (as opposed to what I own in credit) is also imaginary. Enter the Matrix!!!
What the hell are you going to do with gold when the zombie apocalypse comes? Eat it?
No, your currency needs to be backed by canned beans.
Screw canned beans. Back in my countries we back that shit up with chickens and hogs!!!
Years ago, my employer had a CCTV camera in my work area. It watched the main entry and a hallway of offices. I used to stand under the camera at 6 AM every day and scratch my butt very vigorously. After 6 months of this, they removed the camera. Nobody ever said anything about it. See, there's more than one way to beat the system!
C|N>K
It's called fiat currency. What that basically means is money has value only because people say it does. "That's a good deal" is a daily example of this.
I worked IT for a fairly large (4500~ employees) company before moving to a programming position. I was only responsible for a very small subset of the company (300~ employees). I found a fair amount of porn on company laptops. My favorite case was when I found pornography of the employee and their significant other on the company laptop. The person had used the software that came with the camera to export the files which they diligently removed from the computer. However, they did not remove the copies in a temp folder in the camera software's install directory. I was re-imaging the laptop that was virus riddled but first I was backing up the documents for the user.
Did I report the employee? Did I run to management? No. The drive got re-imaged and those files were NOT ones I backed up for them. The end result was that the drive was wiped and the images were off the company laptop. Why didn't I report it? Well, this was in a satellite office of sales staff. It was one manager and three sales people. All of them were male. One of the community office supply filing drawers was full of Playboy magazines. Pornography was definitely acceptable in this office and the salesman's girlfriend's shaved coochie was a nice break in my otherwise boring routine...
No harm, no foul.
There is nothing "real" about gold-based currencies either, you know.
To have a right to do a thing is not at all the same as to be right in doing it
I love people like yourself who build up these straw-men, but have no CLUE why things are done the way they are, you just like to bitch about someone else being in control. There is a reason we don't let people like you make decisions that matter, because you are incapable of seeing the big picture. You make great Techs, bad admins.
That being said, there are admins out there who are glorified babysitters. No one has the time to watch all web traffic and make a human judgment on it. iPrism has good lists where people actually categorize the sites so I don't have to do it. I am a BIG proponent of educating my HR departments on what is acceptable and what is ethical. Employees should be able to surf and browse as long as it does not endanger the company. If an employee is found to be having trouble keeping up with their workload, we as an IT department, will provide logs of their activities for Evaluation. This is a CYA scenario, otherwise the employee in question just states how they are overworked and HR can do nothing.
There are also lots of bad admins out there who put bad policies in place. They webfilter but never block outgoing ports. Or they disable CD-ROMs but not USB drives.
Your old boss is a prime example of this, but win 3.11 was very early in the game and people had not learned from the mistakes back then. We are getting better now, but won't get really good until the upper management from that era cycles out.
To sum up, monitoring everything you can is essential in many businesses. CYA, audit trails, and metrics are all good reasons. Big Brother antics make up for maybe 1% of it. The rest is just being thorough so when someone claims you sold or stole data you can prove otherwise. I personally can clear someone quickly if they get accused of stealing. I can also prove neglect. But it is up to a manager to start the process. Most likely if I am pulling up your activities, you already got caught doing something pretty nasty.
CS: It is all sink or swim...oh and did I mention there are sharks in that water?
I don't mind monitoring people for the right reasons as long as they know they may be monitored. I make sure people know they can be monitored and that anything they do with the computer in their office might be recorded. Generally this monitoring only gets used if there's an obvious problem. For example, storage on our file server went up really quickly and we found an employee had been saving vast amounts of music and videos. Or the network is getting a lot of extra traffic and we go looking for who/what is causing it.
In other words, I think monitoring should be used to find and fix problems, not simply for the sake of monitoring and tracking people. Usually if I see a problem I'll ask the user politely to stop saving porn on our network or to stop ripping their CDs at work or whatever. As long as it's handled in a respectful manner and IT explains why they want things done a certain way, I've found most people respond really well to it.
That sounds really crazy, how are those kind of things allowed??? Is there no expectation of privacy in your workplaces? Sounds even worse than China to me...
GP was referring to the fact that you can easily convert from fiat currency to "real" products, thus rendering the whole "imaginary" part false. In other words, you can walk out of the bank every payday carrying nothing but gold bullion regardless of what fiat currency your employer pays you in.
Ignoring whether or not monitoring is good or bad: Why is it IT's responsibility to actively perform the monitoring? Of course it is their job to set up the monitoring hardware and software, but why pay an IT technician to watch people browse the web? That's like paying an optical engineer to watch someone through a two-way mirror. The engineer designs the mirror and installs it, but they shouldn't be doing the actual monitoring.
and I don't want to be the one defending it in general. But it has one redeeming feature; it should at least be unbiased. I think if I were to be fired I'd prefer it to be because there was some evidence of shiftlessness, rather than simply because someone in authority had a hunch that they "didn't like the cut of my jib".
Nullius in verba
A brick sized amount of gold is around 40 pounds.
Yes it's soft, but it's super dense. If you can make a hollow sledgehammer out of something strong then fill it with gold, you could bludgeon someone's head off in one good smack.
Yeah, but then no one can SEE it. I want the zombie bitches to see my bling!
they don't pay enough. my time is worth far more than a couple hundred bucks an hour.
If my 8 different bosses really cared about my productivity, they'd give me an office with a door and a chair that didn't hurt my back.
My employer snoops IM traffic. To avoid that, I rock the OTR encryption in Pidgin, which is interoperable with Adium and Trillian, and works across all supported services (except possibly for Skype).
Empathy does not support OTR, and is opposed to it philosophically, so IMO it's useless.
First of all:
Employee monitoring is in the position today where web page creation was 15-20 years ago. It was an "IT Function," because the tools were new and computer-y. Eight million "blink" tags and six hundred thousand animated "under construction" GIFs later...
You're really going to blame the IT people for that? Blink tags, "under construction" GIFs, psychedelic animated backgrounds, and loud MIDIs and other forms of music playing when a page loads are all the kind of thing you get when you give the shiny new tech tools to non-technical people. What you're describing is basically Geocities, and later MySpace, and generally the Eternal September phenomenon.
I don't think the situation is analogous, though, because I do think designers should have access to these tools -- though I also think that any decent website is going to require a technical person at some point. But it seems to me that the problem here is the amount of monitoring, and the extent to which we don't watch the watchers, and I doubt that moving that to another department would solve anything.
As a tech, I'd be perfectly fine handing off responsibility once a violation is found, but until one is at least suspected, why monitor at all? And once one is suspected (which should be a rare event), why not tap IT to do what they do best -- configure things, look at logs, filter information -- and then let HR handle the human factor?
Don't thank God, thank a doctor!
I spend about 80% of my time cleaning up messes caused by replies to phishing campaigns, break-ins from weak or null passwords, viruses from dubious web sites, torrent servers using all the bandwidth from a building, and people who have supposedly "lost" all their email after accidentally moving it to the trash. I have the right to go through their mail and search for, say, replies to phishing emails in their "Sent" mail, or log into their PC and look for pr0n in their Bookmarks. Does that count?
Aside from that, I have worked NOWHERE (even at a big huge bank) where employee web surfing habits or emails were actively scrutinized. It just isn't worth the trouble. We thought about "saving" all incoming and outgoing email (for 8000 people), but after Management saw the price tag, that idea went nowhere.
Certain PCs in certain locations with a proclivity for mischief (library kiosk, night hours security guards, building maintenance office in windowless basement) can just be locked down.
Best countermeasure: open cubes with monitor windows facing out.
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
I've been working in IT and tech support for a long time, but I only have experience with outsourcing recently. My company cut their US based support staff by 70% and replaced them with a large number of workers in India that are paid about 1/3 of what we are.
After more than a year of this, the US staff are (still) monitored very little, except for basic statistics. The off-shore staff are (still) heavily monitored and their internet access is far more restricted than ours. The reason seems to be that the cultural differences simply require it, but I'm not over there, so I don't really know.
Any thoughts?
They live; we sleep
IT is the infrastructure of the new totalitarianism. That's what it really comes down to. We live in an era in which the wealthy and powerful dominate society and are transforming it through the corporate control of cultural production. It's the unfortunate logic of late-stage capitalism. We have built the ruling class a machine which devours liberty.
Didn't think so.
HAND.
Those of us in Security don't like it much either. What people do with the connections we give them, if it violates policy, is a management issue.
I have no problem doing a specific monitoring for someone suspected of violating policy, but to put global filters and monitoring on our entire infrastructure is a waste of time, money, and resources.
Someone mod up the parent as funny. I lol'd. HARD.
*Process is Irrelevant, Progress is Paramount*
Maybe at smaller companies, the IT staff have little to do and have the time to monitor and review logs. And big companies (I mean Fortune 500); the tools are automated and nobody has the time to watch what people are doing. If you try to go to more than X prohibited sites in Y period of time, your name is added to a report that comes out the next day or week. People mistype and hit redirect links all the time. Sometimes you just click on a link and find yourself at Fleshbot - yes you knew it was something NSFW, but you didn't know you were going to a porn site. No one has the time to chase these minor infractions - when you have 30,000 to 100,000 employees, even the holiest will hit a bad link occasionally.
As for the people that don't like monitoring; get over it. You are using company resources. You are free to go out to your car during lunch, fire up your personal laptop, slip in your aircard, and view all the porn you want. A previous poster seems to think that monitoring is like searching your stuff for Porno mags - well if there were a problem with people bringing it into the building and it was against company policy, then people's desks would be searched for porn.
If people were not guilty of bad behavior, then there would be no need to monitor for it; but the internet has changed the way things work. Most people would not carry porn vids or mags into work - it has never really been a problem outside of the blue collar locker room environment. But with the internet, no one can confiscate your mags and it is so easy and free, that most people don't seem to care. Like copying music, it is just so easy that "everyone" does it; but they didn't do it on such a scale before the digital age.
I don't mind the monitoring, but if you catch people being bad, treat them all equal. Most Fortune 500 companies will give an EVP a slap on the wrist (if anything); while the proles get fired for the same behavior.
That sounds really crazy, how are those kind of things allowed??? Is there no expectation of privacy in your workplaces? Sounds even worse than China to me...
Well technically, the equipment and the network belong to the company, so they're pretty much allowed to do whatever they want with it.
We have freedom here in the USA, but only from the government. There's no freedom when you're on private property, using someone else's equipment. You're free to say and do what you want (mostly) if you're walking down a public street, or in your own home, but not in your employer's office.
My rifle and ammunition say that those canned beans are mine, and that you are zombie food. :P
"I'm not sure I like the fugnutish tone you used in your post!" -RogL (608926)-
I work for a small, 50-person company. The town I live in is currently experiencing a "100 year flood" and a lot of local businesses are closed right now. Tuesday night, my employer called every worker to ask for volunteers to move heavy boxes full of paperwork out of our basement in case water started rushing in. Within an hour, about 50 people showed up (including spouses, boyfriends/girlfriends, and kids). When we were done, the boss sent out for pizza and beer and everyone hung out in the breakroom. Today, the company paid for massage therapists to come in to the office and give free massages to everyone who helped out, with all the spouses and boyfriends/girlfriends invited to come in to participate.
We don't monitor or filter our employees' Internet access in any way, other than to put a spam and virus filter on the mailserver. Our company is very pragmatic: if an employee's personal habits don't cause a problem or cut into their productivity, then the bosses don't care. Because of all this, we have the most incredibly loyal environment of anyplace I've ever worked. Our turnover is practically zero with most attrition due to people moving or going back to college. If someone did spend more time than they should doing something not work related, they'd probably get a talking-to from their coworkers before the bosses ever found out about it.
Oh, and our little 50-person company has been in business for more than 30 years, and in 2009 we processed more than a billion dollars worth of revenue. Yes, billion, as in each employee handled $20,000,000 in business on average last year.
Some companies treat their employees as adversaries and watch them like thieves. My company treats us like family members, and in exchange we treat our jobs with respect and care. We're doing so much business that we can hardly keep up with it. If I ever strike out on my own and end up hiring my own workers, I know which path I'll try to follow.
Dewey, what part of this looks like authorities should be involved?
As opposed to gold?
Ohh, shiny...
I've done web filter monitoring at two companies that had different attitudes.
One company tracked everything but blocked nothing. It was my job to review the daily logs to see who was viewing porn. Mind numbing waste of time. We were not allowed to tell people that we were monitoring. I was to print out sample images for their employee file, and typically a manager would confront and discipline or fire the person. It was all kept hush hush. I *hated* that job. I had plenty of more important things to do.
The second company blocked almost all porn (can't ever block it all) and we had to run a monthly report to see who had the highest percentage of blocked hits every month. Then a cursory scan of what was blocked. If it was mostly ads, no big deal. If there was a pattern of repeated attempted porn usage, then they got disciplined or fired.
I loved the second company's approach. Most people stopped trying after a few block notices. Those that didn't, needed firing anyway.
I know there are always black sheep, but a basic trust relationship between management and the employees is very important and better for the morale.
If security is an issue, some security awareness training may be money better spent.
Thank you. You summed up my thoughts as both a worker currently subject to the whims of an understaffed IT department, with some filtering and who knows what kind of logging going on, and as a former IT manager that took a pretty hands-off approach to surveillance.
Basically, as an employee, if you do good work, all day, and maintain reasonable productivity, NOBODY SHOULD GIVE A FUCK WHAT YOU'RE LOOKING AT OR DOING ON THE INTERNET, regardless of who owns the pipe and the box.
I will say, some employees for whom I provided IT services did browse questionable sites, and did even on occasion show me porn received either as inline images or attachments. I simply would say to them "you know, you probably shouldn't be doing that here" and walk away, because once again, these were productive, valuable employees and if they like tits and ass, that's cool with me.
Somehow I think I'd make a lame cop too, as it seems most of these so-called IT Security Professionals are simply on a giant ego/power trip, and are supported by micromanaging idiots that don't understand technology.
That last sentence brought home to me exactly the problem - MICROMANAGEMENT. If you can't trust your employees to complete a task without holding their hands and wiping their asses all along the way, then maybe you should do the job yourself. MICROMANAGERS SUCK.
Let me repeat this for all of you out there (and you assholes know exactly who you are) - MICROMANAGERS SUCK THE LIFE OUT OF THEIR EMPLOYEES AND KILL PRODUCTIVITY even as they think they're improving things, in their minds.
This is one hell of a rant so AC it is.
monitored
This signature intentionally left unblank.
I'm so glad I'm not an admin any more - but when I was, I had a simple solution. I posted outbound logs to our intranet in a user-friendly, easy-to-browse format. Anyone in the company could see what was popular. Pr0n completely dropped off the radar, as did (iirc) WeatherBot, or something like that. When the guy finally saw with his own eyes what a drain his stupid little app was having on our bandwidth, he uninstalled it (I probably could've forced the issue, but thought it was smarter to convince him than order him).
Jesus told him, "I am the way, the truth, and the life. No one can come to the Father except through me." - John 14:6 NLT
BTW, I was recently thinking of a system that makes the entire work time like Google's 20% time, where engineers can basically freely do anything they want, including working on any project, with little monitoring (maybe even make contributions to projects anonymous). It would be an interesting experiment to collect statistics on, though I am not sure if it will work in the real world.