Slashdot Mirror
When Big Brother Watches IT
bdking writes "In an effort to protect sensitive data from internal security threats, some organizations are 'using new technology to look at the language of their IT staff's emails to determine whether their behavior or mind-set has changed,' the Wall Street Journal reports. Is secretly spying on and linguistically interpreting employee emails going too far in the name of security? From the article: 'I understand the need to be aware of the attitudes of workers with high-level access to data and networks, but this strikes me as creepy. What if an IT employee suddenly has relationship problems or family issues? Will they then be flagged by HR as potentially troublesome or even a data security risk? And all without them even knowing there's a dossier being created of them and their "suspect" behavior?'"
Wouldn't it just be cheaper to not treat workers like shit?
Table-ized A.I.
If an HR department can install and manage software that interfaces with a companies email without IT knowing about, that company has bigger security concerns. If IT manages it, IT can circumvent it.
Let me guess. the same people who can modify the software to have it analyze emails from HR email accounts instead of IT email accounts.
What if an IT employee suddenly has relationship problems or family issues?
There's definitely something suspicious going on when IT employees have relationships, nevermind relationship problems.
"I understand the need to be aware of the attitudes of workers with high-level access to data and networks, but this strikes me as creepy. What if an IT employee suddenly has relationship problems or family issues?"
Not commenting on whether monitoring employee emails is right or wrong, but why would somebody use their corporate email account to deal with relationship or family issues? In a world where companies can and often will read their employees' emails, that anyone would use their work email for anything personal seems short-sited. Sign up for one of the free web-based mail accounts.
24 hr video in home surveillance with special emphasis on the bedroom
I got to the chocolate box before you, that's why the hard ones have teeth marks.
HR isn't going to install and maintain this, and many of the people this is supposed to watch will be involved. If you hire a 3rd party to install, maintain, and monitor, will you trust them more than your employees with such information? Even then, is IT going to expend infrastructure setup and maintain network services for a black box with no "critical" (since IT doesn't know about it, it can't be classified as critical- HR doesn't make that call) function?
Nor is this a new complaint. Waaaay back, before many Slashdotters were born, a little-known two-tone group penned the following lines regarding abuses of this kind by governments and corporations alike:
Seems to me that nothing has changed in the intervening years. Things haven't gotten worse, the younger generation is merely seeing the problems that the previous generation did.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
That's why I never send personal email on the company's system. I also don't keep any personal files on the company supplied computer nor do web browsing on it. It's a hassle sometimes, especially when I need to carry around my personal laptop. And, in reverse, I never do "work" on my personal computers. While I don't think my company is spying on me, I go by that assumption because they can start at any time without my knowledge. It's my way of mitigating that risk. In general, I think it's also a good way to keep my personal life separate from work. I learned that years ago during some stress reduction workshops I participated in.
IT Guy: Sir, it would be wise to install abc software on our system, for increased security. Boss: We can't do that right now. It doesn't fit the budget. IT Guy: What about installing xyz software then? Its cheaper and could be useful... Boss: Nope. We can't do that either. Maybe next year. Boss simply walks away. Disappointed IT Guy's email language/wording/length changes a bit as a result... HR Person: Sir, our software is reporting that XX from the IT staff is having a mind-change. Boss: Really? XX? Well, we'd better look into that. Maybe I should fire the guy outright. You never know with these mind-changes...
Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
Clearly IT is now an old enough industry to require proper union representation to protect workers, who may be very intelligent and capable in their line of work, to have reasonable terms and conditions in their contracts of employments (legal faff that they aren't knowledgeable in) so that they aren't screwed over by such systems and mechanisms.
I got suddenly canned from a sysadmin job when I showed signs of irritability and started requesting half-days off here and there. Except in this case it was because my boyfriend was critically ill, and they knew that. They just didn't give a fuck.
http://alternatives.rzero.com/
The it security team trumps the it sysadmin team.
---- Booth was a patriot ----
This is really nothing new when it comes to IT in large corporations. In the past there has been similar stories of companies hiring other IT people to spy on their IT department, the only difference is that now its cheaper for them to buy a program to do it for them.
In Washington state, anyway, the email of all us state employees is considered to be part of the public record... so in theory this sort of monitoring would be relatively easy to implement. Funny thing is - as a Washington state employee, I feel less vulnerable to this sort of snooping than if I were employed by a private company.
#DeleteChrome
A more important question is why would anyone take anything said at "ITWorld" as factual?
Has anyone here run into this before? What vendor?
All of their examples seem wrong. The length of an email will change based upon the circumstances of that email. Is it advisory? Is it for documentation? Is it CYA?
Some companies take screenshots of what is on your computer all day long. Now they want to peer into your email as if it were an inkblot and predict your behavior. It is best to work elsewhere as that company employs paranoid people who somehow got into the position to spy on people and convince management that is a good thing instead of just seeing if the assignments are completed each day. These are the same companies that put 4 levels between you and getting a quick answer. Procedures are to be followed! Tell the customer you will get back to them in a day or two instead of a minute or two. You will go farther elsewhere. If you stay you risk being slandered by these paranoid people.
Every time I log into my employer's network I get a popup window that states: "You should have no expectation of privacy". I take it seriously.
Only if you are replaceable.
Lots of people can do the same job as you do. Some do it better. Hopefully you're good enough at it that more than 50% will do it worse.
And at the same salary (or lower).
AND has your knowledge of the systems and the "why were they set up that way" tricks and traps so that they don't cause any unexpected down-time trying to "fix" something that is not really broken.
I respond differently depending on who it is I'm responding to. There's the usual site wide formal email. Then there's the technical email to the bossman. There are also the jovial type that go to the close co-workers. I think you're just better off using keywords to look for "problems". If they start to use the work "fuck" or "kill", maybe have a closer look.
...do yourself and your admin a favor and get rid of him/her. He/she won't like working for someone who doesn't trust him/her, and you won't like constantly being suspicious.
I've given that advice to all my clients over the years. You can extend the concept to the rest of your IT and/or security team. That doesn't mean you shouldn't take precautions, have checks and balances in place, etc, but fundamentally, if there isn't a high level of trust, deal with the lack of trust, either by discussing it until there is an understanding and trust, or by ending the relationship.
Secretive monitoring is not the way to handle a lack of trust. The only exception is when there is already probable cause to believe a crime has been committed, then, in some cases, monitoring to gather proof may or may not be necessary or appropriate.
make imaginary.friends COUNT=100 VISIBLE=false
I'll ask the question again:
Has anyone here run into this before? What vendor?
That Wall Street Journal article reads more like an advertisement.
I don't know about you but I've often worked on systems at 3am. And on weekends. And holidays.
Anyone in IT who sends a credit card number via email needs to be fired any way. They're just too stupid to have on staff.
Anyone sending anything at all like that through COMPANY email needs to be fired any way. They're too likely to cause a problem with legal discovery should a different lawsuit pop up.
And so on. So I'll ask again, has anyone here run into this before? What vendor?
'That the "enemy within" is the biggest threat to an enterprise is nothing new...'
dossier's of 'suspect behaviour'
"It has gotten to the point where we have to monitor everything everybody does, especially those working with sensitive data like the IT staff,"
WTF? In my years in IT I've never experienced this sort of paranoid 'treat your employees like potential threats' attitude. But then I've never worked in the US. Is treating your people like humans, keeping them invested and paying them fairly just an outdated, naive notion over there?
"While I don't think my company is spying on me, I go by that assumption because they can start at any time without my knowledge. It's my way of mitigating that risk".
iSPY on YOU
I do think my company is spying on me, lucky I only ever use the CEOs account and there's an easy way of bypassing the webproxy. Seriously though, if the company is spying on email usage and lets say someone starts to browse AIDs sites, dontcha think they are gonna fire him before he starts dipping into the medical insurance fund?
I believe this was more of an analysis. They fed thousands of time stamped memos into an algorithlim. The idea was to look for differences in speech pattern or word choice in reference to the conspiracy.
What they found in Enron at least was that as people behaved increasingly corrupt they became increasingly formal with each other. Casual comments tended to be innocent ones where as memos concerning the corruption tended to unusually professional.
Personally, I don't care what the company does with my corporate email. Scan away. It's so boring that I understand why they want to have a computer read it instead. And who knows, they might actually uncover a problem.
Obviously people will be worried about false positives. But I doubt anyone is going to take the computer's opinion as gospel. Likely, the computer will just point to a given collection of emails and suggest management read those specifically. Where upon management can decide if they have a problem or not.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Research and simulations have shown that the optimal strategy for group behavior is Tit for Tat.
Wikileaks for the win!
One should always assume that emsil sent via an employer-owned device is monitored. Eemployees should not be sending non-work related emails via such devices. An employer should not expect to be able to monitor emails sent from employee-owned devices. Employee owned devices should not br brought to work, or if they are, they should only be turned on/used during breaks.
Employers should never expect employee-owed devices to be used for work-relted tasks, and employees should never use employer-owned devices for non-work related tasks
For example: I might bring my cell phone to work, but it will be turned off or left in a locker except for break times. If I need a cell phone for work, my employer will have to provide one, which they have the right to monitor the use of.
If I buy a tablet or a laptop, It will not be taken to work nor be used for work-related stuff. If I need a tablet or laptop for work, my employer will hsave to provide it. Most people do not need a laptop, tablet, or cell phone for work. A desktop computer and the company wired phone are sufficient. I will keep 100000% control of my own devices, no employer will ever have access to them nor will they ever be used for work-related tasks.
Isn't the real problem that yet another non-scientific unproven analytic tool is going to be deployed in an attempt to discern what people are really thinking? There may be lots of reasons why someone's language changes, including events in their personal lives that have no relationship to work as long as they continue to carry out their duties competently. Imagine being called to the bosses office or HR to "explain" why your behavior has changed when you may not have realized the change yourself, and it has nothing to do with work. Failure to provide a satisfactory explanation will result in greater suspicion of your intentions, especially if the system that detected your behavioral "abnormalities" was sold with the understanding that it really could spot bad eggs before they cracked.
"Server three choked on the db backup again, looks like D filled, bodged a script to tidy crap from temp folder on nightly before AV, it'll buy a couple days before the new HDDs arrive. Throw the whole DB there during weekend DT. Also, don't forget it's LP on Sun - make sure to get the steam DLs first this time."
Especially music that fits the topic to a tee???
APK
P.S.=> Ah yes, there's NOTHING QUITE LIKE having a "stalking/harassing/trolling" fanclub that mods down your posts, trolls you later by ac, & thinks they're "fooling everyone" on how it's done (ala moddown, logout of your "registered 'luser'" account, & troll after by AC): "Huge Trick" that, lol!
Please... oh, it even gets better!
Multiple sock-puppet account users galore are in use here too, ask tomhudson = Barbara, not Barbie, or clone52431 = clone53421 & of course, the irreplaceable (lol, cuz he has so many of these) MichaelKristopeit (with his 500++ user accounts) & more...
If anyone questions that? Look up each user name posted here. I can show quoted evidences of them doing it (especially tomhudson):
tomhudson = stalks /. posters via ac troll replies
"Wait until he starts on another kick, then reply to him as an AC. It's the new meme". - by tomhudson (43916) on Sunday May 09 2010, @08:29PM (#32150544) Homepage Journal
QUOTED VERBATIM DIRECTLY FROM -> http://slashdot.org/comments.pl?sid=1646272&cid=32150544
"BTW - if you're going to tell this guy to stop spamming his hosts file crap, make sure you do it anonymously" - by tomhudson (43916) on Saturday April 16 2011, @11:45AM (#35840680) Journal
QUOTED VERBATIM DIRECTLY FROM -> http://slashdot.org/comments.pl?sid=2086920&cid=35840680
---
tomhudson & crew from trolltalk.com also CHEAT THE MODERATION SYSTEM HERE, & others noted it also -> http://slashdot.org/comments.pl?sid=2236608&cid=36442386
"I do whatever amuses me at the moment. Sometimes that is trolling. As far as AC? I only do that to avoid undoing moderations." - by gmhowell (26755) on Wednesday April 20, @12:49AM (#35877174) Homepage
---
So - HOW do they do it?
---
Well, they mod one another up (even IF it's TOTAL bullshit they said, or for trolling). That's the easy part & HERE THE PROOF OF IT:
http://slashdot.org/comments.pl?sid=2212152&cid=36361542
PERTINENT QUOTE/EXCERPT from "mcgrew" (another "trolltalk.com" alternate registered 'luser' account guise these idiots keep & in this case, to upmod "webmistressrachel" when she was being destroyed by downmods):
"I just get a boatload of mod points sometimes (excellent karma) when I don't comment too prolifically. I used five or so on you, but they were comments worthy of being modded up, anyway. - by mcgrew (92797) * on Tuesday June 07 2011, @08:27AM (#36361542) Journal
QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=2212152&cid=36361542
---
NOW, & I'll let one of their OWN, in "countertrolling" (obviously just another fake username they have here/another account) even say how they do the reverse (downmod others & troll them):
"...posting AC undoes mods... Not if you're logged out... " - by countertrolling (1585477) on Sunday June 19 2011, @11:56AM (#36491652) Journal
QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=2245866&cid=36491652
So, in essence folks (just like the guy above noted that the "trolltalk.com" bunch's posts get upmodded wrongly?) They do the following to cheat the mod system AND to harass others:
1.) Downmod someone
2.) Logout
he's wearing no clothes? This comes across more "covering my ass" than addressing a real need/vulnerability.
"Give a woman two glasses of wine and some pad thai, and they'll agree to just about anything." the Sports Guy
So we better make sure to monitor the drones better. Why is Dilbert so correct http://www.youtube.com/watch?v=0WTkltRfphM
'using new technology to look at the language of their IT staff's emails to determine whether their behavior or mind-set has changed,' Are you going to ask IT to run the the software that monitors IT? Sounds like a position I want.
We're better at this sort of thing than management. By a lot. We're also a damned site more noble. We don't have much to fear, really. They do. Perhaps we should be using semantic analysis to discover cases of consumer fraud, tax fraud, influence trading, and misappropriation of funds.
Stop-Prism.org: Opt Out of Surveillance
...they're convincing themselves that their social media inferential trackers work as advertised too.
Sometimes people make the craziest underlying assumptions.
It was about engineers tasked with operating atomic piles. There was so much surveillance that they wondered if starting to shave from a different side of your face would be enough to trigger an intelligence alert.
when i pay your salary, so STFU
...my first job was as a sys-admin for a small office, the boss had me install VNC to all company machines, mainly laptops for the sales folk, office manager etc. He would actually monitor them himself from time to time (while his office was 4m away).
;)
I protested but my warnings went unheeded, of course for some weird reason VNC "didn't work" on my machine.
It goes without saying that I got the hell out of there first chance I got and everyone else slowly followed.
My boss is a huge f*cking asshole!
Alert: Subject has altered adjective. Suggest further surveillance.
Have gnu, will travel.
The Countermeasures wear against this could really up the ante. If the Idiots Accidentally Placed In Charge are stupid enough to think they can outsmart their IT staff doing this, then Whoohooo!! Game Onnnnnn!! You could pump so much FUD up the pipe into their tiny craven little plastic minds that... man, this opens a vector for possibly hacking a corporation from the INSIDE.
He gained a strange obsession with that clown.
Thank god that I always begin my emails with, "dear fucksack".
"A government is a body of people usually -- notably -- ungoverned." -Shepherd Book
...or, alternately, they could try to hire some managers who could actually connect with their staff, earn their respect and trust, and garner honest points of view from the staff. If their staff are really communicating, they shouldn't need to use third party systems for analyzing the language in their communication.
I simply hope that the executives at those companies may consider whether the novelty of such systems makes it worth their cost, in comparison to more traditional means for getting to know the staff's actual point of view.
You know you're quite mad actually. Unfortunately, it's in a *really* boring way.
Don't use your work computer for personal reasons. Ever.
Uh oh.....
Then the well runs dry. All this does is habituate people to the idea that they must present a facade when online, which it turn only causes these approaches to be worse than useless, with false negatives everywhere.....
Well, some US federal agencies have... the GSA for one. ;-)
friends. As someone who has 10 years of IT Operations experience with 5 years being IT Security experience. I can tell you one rule I live hard and fast by, I do not use my work email for anything related to family matters. After the things I have seen with divorces, relationship arguments, bankruptcies, etc. I do not put anything that deals with my personal life on my work system. If I want to communicate with friends and family I use my smartphone.
The only "personal" things I do from my work system is the occasional shopping at Amazon or reading favorite sites.
Simple, keep home and personal issues off of company assets, not that hard.
P.S. On more than one occasion I have had to restore an employee's email due to court order because of nasty divorces, criminal investigations, etc.
I am not very good at being brief and concise so my emails tend to be really long .Managers have said they would like me to be more brief. So I wonder if I improve my emails and make them more concise, whether I will be flagged as being crazy and fired as a security threat. The WSJ article mentioned by Ernst and Young and HHS. I recently did IT work for HHS and Ernst and Young were hired to come in and do security audits. It was a bout of 23-24 years olds fresh out of college who read from a script. The HHS federal employees tried to do what they said just because they said it. When I tried to say we should think about a security policy that actually protects data, no one was the least bit interested. They just didn't want to give the 24 year olds reading from a script something they can use to point fingers at them. It was a total waste of my tax money. I am glad I did not send an email saying that because then I might be flagged as being disgruntled and fired as a security threat. Ernst and Young is selling garbage. If you want a security audit, do not hire them.
I work with data, so I have alot of security rules on me. Some of them are good ideas, many are just there because well its written somewhere. I have asked how does this protect security and I get a blank stare. This has happened on several jobs sites in the public and private sector. The idea is to follow the rules so you can go 'not my fault' instead of what is a good idea.
I guess turnabout is fair play.
Maybe for an "upper level" filter, it should scan for the use of the word "muppets" in emails...
Whose going to implement this solution for them?
Here are some simple, but often overlooked facts: 1) The tyrannical corporation you work for is completely fascist. There's not even the pretense of bothering to hide that from you and there never has been. 2) Your company tells you they'll monitor your communications on their network, in no uncertain terms. 3) You allow "right to work" (aka right to get fired for no reason) laws to pass in your state. 4) You bitch about the SIZE of government constantly (you know, the only thing that can regulate your fascist, tyrannical company) 5) You hate unions and think they have no place in the modern world (they're only responsible for every benefit you've ever had from working) 6) Without protest you allowed corporations to achieve "personhood", without so much as a pitchfork or torch showing up at the supreme court. And NOW you take issue with how they'll collate some data?
Is secretly spying on and linguistically interpreting employee emails going too far in the name of security?
Secret monitoring of employee's comunication isn't illegal in the US?
Here in Czech rep., company can monitor it's employees but it has to publicly declare what exactly is going to be monitored and some things like personal emails (yes personal emails on work computer) cannot be monitored at all.
This is like Breach of Privacy being made legal.
The security guards at our building look folks in the face each day to see if they're having a bad day or not.
One of the things that would tremendously improve security but is totally against privacy is to have each worker inform the building when they are breaking up with a girlfriend/boyfriend or filing for divorce. Most of the workplace shootings are over mundane crap like that. Of course, Big Brother isn't actually interested in _workplace_ security, just profit security.