When Big Brother Watches IT

bdking writes "In an effort to protect sensitive data from internal security threats, some organizations are 'using new technology to look at the language of their IT staff's emails to determine whether their behavior or mind-set has changed,' the Wall Street Journal reports. Is secretly spying on and linguistically interpreting employee emails going too far in the name of security? From the article: 'I understand the need to be aware of the attitudes of workers with high-level access to data and networks, but this strikes me as creepy. What if an IT employee suddenly has relationship problems or family issues? Will they then be flagged by HR as potentially troublesome or even a data security risk? And all without them even knowing there's a dossier being created of them and their "suspect" behavior?'"

kick 'em when they're down

[tverbeek]

What if an IT employee suddenly has relationship problems or family issues? Will they then be flagged by HR as potentially troublesome or even a data security risk?

I got suddenly canned from a sysadmin job when I showed signs of irritability and started requesting half-days off here and there. Except in this case it was because my boyfriend was critically ill, and they knew that. They just didn't give a fuck.

Speaking as a state employee

[93+Escort+Wagon]

In Washington state, anyway, the email of all us state employees is considered to be part of the public record... so in theory this sort of monitoring would be relatively easy to implement. Funny thing is - as a Washington state employee, I feel less vulnerable to this sort of snooping than if I were employed by a private company.

Re:Security

[JDG1980]

The it security team trumps the it sysadmin team.

This assumes a rather large company. Many organizations have one sysadmin who handles security issues as part of their job duties, or just a handful of "IT guys" who more or less handle everything. The library I work for has about 100-150 employees total; the notion of a separate "IT security team" and "IT sysadmin team" is ridiculous for an organization of this size. Our IT department is 6 people total.

Re:An old enough industry to require unions

[Zontar+The+Mindless]

Unions do have their place. An IT shop is not one of them.

You should really try to be more open-minded about such things. Maybe even consider moving to Sweden, where nearly everyone is entitled to union representation whether they bother to join one or not.

When we got bought, and the new owners tried to take away nearly all my benefits, my IT workers' union did a pretty good job of nipping that nonsense in the bud. Maybe I should show my appreciation by signing up and paying them the ~$25 per month they want as dues for actual membership. That's only about 2% of what I would have lost if they'd not gone to bat for me.

Re:Prevention cheaper

[PopeRatzo]

In this case they are talking about detecting fraud with people who have level access to the books â" think rouge trades and embezzling employers. However, from the article fraud comes from âoeincentive, rationalisation and opportunityâ. You try to hire competent, well paid staff and put in controls. However, eventually you hit limits.

One limit you hit is that mechanisms like you describe and like the ones in this article are never applied to top management and the board of directors. So, the ones who are in the greatest position to hurt the company the most are left out of any security regime.

And if you tried to put such mechanisms in place for the top people, they would all simply refuse, and nobody is there to call them on it, because everyone else at their level has the same attitude. This is one of the biggest dangers of income disparity. When it gets beyond a certain point, the elite "break away" from the social mechanisms and requirements.

They did something like this to the Enron Execs

[Karmashock]

I believe this was more of an analysis. They fed thousands of time stamped memos into an algorithlim. The idea was to look for differences in speech pattern or word choice in reference to the conspiracy.

What they found in Enron at least was that as people behaved increasingly corrupt they became increasingly formal with each other. Casual comments tended to be innocent ones where as memos concerning the corruption tended to unusually professional.

Personally, I don't care what the company does with my corporate email. Scan away. It's so boring that I understand why they want to have a computer read it instead. And who knows, they might actually uncover a problem.

Obviously people will be worried about false positives. But I doubt anyone is going to take the computer's opinion as gospel. Likely, the computer will just point to a given collection of emails and suggest management read those specifically. Where upon management can decide if they have a problem or not.