Slashdot Mirror
When Big Brother Watches IT
bdking writes "In an effort to protect sensitive data from internal security threats, some organizations are 'using new technology to look at the language of their IT staff's emails to determine whether their behavior or mind-set has changed,' the Wall Street Journal reports. Is secretly spying on and linguistically interpreting employee emails going too far in the name of security? From the article: 'I understand the need to be aware of the attitudes of workers with high-level access to data and networks, but this strikes me as creepy. What if an IT employee suddenly has relationship problems or family issues? Will they then be flagged by HR as potentially troublesome or even a data security risk? And all without them even knowing there's a dossier being created of them and their "suspect" behavior?'"
Wouldn't it just be cheaper to not treat workers like shit?
Table-ized A.I.
If an HR department can install and manage software that interfaces with a companies email without IT knowing about, that company has bigger security concerns. If IT manages it, IT can circumvent it.
What if an IT employee suddenly has relationship problems or family issues?
There's definitely something suspicious going on when IT employees have relationships, nevermind relationship problems.
"I understand the need to be aware of the attitudes of workers with high-level access to data and networks, but this strikes me as creepy. What if an IT employee suddenly has relationship problems or family issues?"
Not commenting on whether monitoring employee emails is right or wrong, but why would somebody use their corporate email account to deal with relationship or family issues? In a world where companies can and often will read their employees' emails, that anyone would use their work email for anything personal seems short-sited. Sign up for one of the free web-based mail accounts.
HR isn't going to install and maintain this, and many of the people this is supposed to watch will be involved. If you hire a 3rd party to install, maintain, and monitor, will you trust them more than your employees with such information? Even then, is IT going to expend infrastructure setup and maintain network services for a black box with no "critical" (since IT doesn't know about it, it can't be classified as critical- HR doesn't make that call) function?
Nor is this a new complaint. Waaaay back, before many Slashdotters were born, a little-known two-tone group penned the following lines regarding abuses of this kind by governments and corporations alike:
Seems to me that nothing has changed in the intervening years. Things haven't gotten worse, the younger generation is merely seeing the problems that the previous generation did.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
That's why I never send personal email on the company's system. I also don't keep any personal files on the company supplied computer nor do web browsing on it. It's a hassle sometimes, especially when I need to carry around my personal laptop. And, in reverse, I never do "work" on my personal computers. While I don't think my company is spying on me, I go by that assumption because they can start at any time without my knowledge. It's my way of mitigating that risk. In general, I think it's also a good way to keep my personal life separate from work. I learned that years ago during some stress reduction workshops I participated in.
IT Guy: Sir, it would be wise to install abc software on our system, for increased security. Boss: We can't do that right now. It doesn't fit the budget. IT Guy: What about installing xyz software then? Its cheaper and could be useful... Boss: Nope. We can't do that either. Maybe next year. Boss simply walks away. Disappointed IT Guy's email language/wording/length changes a bit as a result... HR Person: Sir, our software is reporting that XX from the IT staff is having a mind-change. Boss: Really? XX? Well, we'd better look into that. Maybe I should fire the guy outright. You never know with these mind-changes...
Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
I got suddenly canned from a sysadmin job when I showed signs of irritability and started requesting half-days off here and there. Except in this case it was because my boyfriend was critically ill, and they knew that. They just didn't give a fuck.
http://alternatives.rzero.com/
The it security team trumps the it sysadmin team.
---- Booth was a patriot ----
All that will do is raise the entry bar for people coming in the industry ( and keeping many out ) and raise the overall cost of IT.
Unions do have their place. An IT shop is not one of them.
---- Booth was a patriot ----
In Washington state, anyway, the email of all us state employees is considered to be part of the public record... so in theory this sort of monitoring would be relatively easy to implement. Funny thing is - as a Washington state employee, I feel less vulnerable to this sort of snooping than if I were employed by a private company.
#DeleteChrome
...do yourself and your admin a favor and get rid of him/her. He/she won't like working for someone who doesn't trust him/her, and you won't like constantly being suspicious.
I've given that advice to all my clients over the years. You can extend the concept to the rest of your IT and/or security team. That doesn't mean you shouldn't take precautions, have checks and balances in place, etc, but fundamentally, if there isn't a high level of trust, deal with the lack of trust, either by discussing it until there is an understanding and trust, or by ending the relationship.
Secretive monitoring is not the way to handle a lack of trust. The only exception is when there is already probable cause to believe a crime has been committed, then, in some cases, monitoring to gather proof may or may not be necessary or appropriate.
make imaginary.friends COUNT=100 VISIBLE=false
A more important question is why would anyone take anything said at "ITWorld" as factual?
It's not just ITWorld's say-so. They cite this WSJ article, which also says so.
Il n'y a pas de Planet B.
Unions do have their place. An IT shop is not one of them.
You should really try to be more open-minded about such things. Maybe even consider moving to Sweden, where nearly everyone is entitled to union representation whether they bother to join one or not.
When we got bought, and the new owners tried to take away nearly all my benefits, my IT workers' union did a pretty good job of nipping that nonsense in the bud. Maybe I should show my appreciation by signing up and paying them the ~$25 per month they want as dues for actual membership. That's only about 2% of what I would have lost if they'd not gone to bat for me.
Il n'y a pas de Planet B.
I'll ask the question again:
Has anyone here run into this before? What vendor?
That Wall Street Journal article reads more like an advertisement.
I don't know about you but I've often worked on systems at 3am. And on weekends. And holidays.
Anyone in IT who sends a credit card number via email needs to be fired any way. They're just too stupid to have on staff.
Anyone sending anything at all like that through COMPANY email needs to be fired any way. They're too likely to cause a problem with legal discovery should a different lawsuit pop up.
And so on. So I'll ask again, has anyone here run into this before? What vendor?
'That the "enemy within" is the biggest threat to an enterprise is nothing new...'
dossier's of 'suspect behaviour'
"It has gotten to the point where we have to monitor everything everybody does, especially those working with sensitive data like the IT staff,"
WTF? In my years in IT I've never experienced this sort of paranoid 'treat your employees like potential threats' attitude. But then I've never worked in the US. Is treating your people like humans, keeping them invested and paying them fairly just an outdated, naive notion over there?
I believe this was more of an analysis. They fed thousands of time stamped memos into an algorithlim. The idea was to look for differences in speech pattern or word choice in reference to the conspiracy.
What they found in Enron at least was that as people behaved increasingly corrupt they became increasingly formal with each other. Casual comments tended to be innocent ones where as memos concerning the corruption tended to unusually professional.
Personally, I don't care what the company does with my corporate email. Scan away. It's so boring that I understand why they want to have a computer read it instead. And who knows, they might actually uncover a problem.
Obviously people will be worried about false positives. But I doubt anyone is going to take the computer's opinion as gospel. Likely, the computer will just point to a given collection of emails and suggest management read those specifically. Where upon management can decide if they have a problem or not.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Huh? All I'm saying is that ITWorld apparently didn't make this stuff up out of thin air. They cite WSJ, and WSJ provides quotes and attributions for same. ITWorld may or may not be a paragon of virtue. I tend to be sceptical of ITWorld's reporting generally, myself, but can't find fault with them in this particular instance.
Let me tell you about something called "journalism", just in case you've never heard of it or worked in the field yourself. (It so happens that I worked in broadcast journalism for some years.) Yes, the ITWorld story constitutes an example of correctly and responsibly done journalism: ITWorld provides a cite, and their source is a very well-known publication which has been around for quite a long time, and which in turn provides a number of cites of its own, including names, firms they work for, and positions held at those firms. This is how journalism is done. In journalism, "I've {never|always} heard of..." does not cut the mustard; having quotes from people who are willing to identify themselves while going on record does.
You are free to verify with Chip Whatshisname at DoucheBagCo whether or not he (a) actually said what the WSJ claims he did and, if so, (b) was telling the truth when he said it and was not taken out of context. But don't blame me or even ITWorld if it turns out to be a fabrication, distortion, or even some truth that happens not to be to your liking.
As for me, I think the story's a plausible one, although I reserve the right to change my mind if and when I encounter convincing evidence to the contrary. A veiled accusation of having some sort of hidden rightwing political agenda by some J. Random Internet Fuckwad does not supply it.
It's actually pretty funny, given that my politics are just slightly to the right of Leon Trotsky and that I don't especially try to keep that a secret around here, or in real life, for that matter.
Il n'y a pas de Planet B.
Isn't the real problem that yet another non-scientific unproven analytic tool is going to be deployed in an attempt to discern what people are really thinking? There may be lots of reasons why someone's language changes, including events in their personal lives that have no relationship to work as long as they continue to carry out their duties competently. Imagine being called to the bosses office or HR to "explain" why your behavior has changed when you may not have realized the change yourself, and it has nothing to do with work. Failure to provide a satisfactory explanation will result in greater suspicion of your intentions, especially if the system that detected your behavioral "abnormalities" was sold with the understanding that it really could spot bad eggs before they cracked.
"Server three choked on the db backup again, looks like D filled, bodged a script to tidy crap from temp folder on nightly before AV, it'll buy a couple days before the new HDDs arrive. Throw the whole DB there during weekend DT. Also, don't forget it's LP on Sun - make sure to get the steam DLs first this time."
he's wearing no clothes? This comes across more "covering my ass" than addressing a real need/vulnerability.
"Give a woman two glasses of wine and some pad thai, and they'll agree to just about anything." the Sports Guy
...my first job was as a sys-admin for a small office, the boss had me install VNC to all company machines, mainly laptops for the sales folk, office manager etc. He would actually monitor them himself from time to time (while his office was 4m away).
;)
I protested but my warnings went unheeded, of course for some weird reason VNC "didn't work" on my machine.
It goes without saying that I got the hell out of there first chance I got and everyone else slowly followed.
...or, alternately, they could try to hire some managers who could actually connect with their staff, earn their respect and trust, and garner honest points of view from the staff. If their staff are really communicating, they shouldn't need to use third party systems for analyzing the language in their communication.
I simply hope that the executives at those companies may consider whether the novelty of such systems makes it worth their cost, in comparison to more traditional means for getting to know the staff's actual point of view.
Maybe for an "upper level" filter, it should scan for the use of the word "muppets" in emails...