Slashdot Mirror

← Back to Stories (view on slashdot.org)

When Big Brother Watches IT

Posted by samzenpus on from the cc-me dept.

bdking writes "In an effort to protect sensitive data from internal security threats, some organizations are 'using new technology to look at the language of their IT staff's emails to determine whether their behavior or mind-set has changed,' the Wall Street Journal reports. Is secretly spying on and linguistically interpreting employee emails going too far in the name of security? From the article: 'I understand the need to be aware of the attitudes of workers with high-level access to data and networks, but this strikes me as creepy. What if an IT employee suddenly has relationship problems or family issues? Will they then be flagged by HR as potentially troublesome or even a data security risk? And all without them even knowing there's a dossier being created of them and their "suspect" behavior?'"

19 of 234 comments (clear)

  1. Prevention cheaper by Tablizer · · Score: 5, Informative

    Wouldn't it just be cheaper to not treat workers like shit?

    --
    Table-ized A.I.
    1. Re:Prevention cheaper by Anonymous Coward · · Score: 5, Funny

      Wouldn't it just be cheaper to not treat workers like shit?

      This one's going on the list.

    2. Re:Prevention cheaper by JosephTX · · Score: 4, Funny

      you're confusing those types of bosses with people who see you as something more than an exchangeable cash cow.

    3. Re:Prevention cheaper by alexander_686 · · Score: 4, Informative

      It’s one of odd things – how do you monitor employees without draconian controls? I think the trust of these programs is not that they can detect fraud per say, but rather they can identify people and situations which generate extra temptation. It does not matter how well you treat your employees, if somebody develops a gambling addiction (see below) it does not matter how well you pay them.

      Here's another article.
      http://www.economist.com/node/21547833

      In this case they are talking about detecting fraud with people who have level access to the books – think rouge trades and embezzling employers. However, from the article fraud comes from “incentive, rationalisation and opportunity”. You try to hire competent, well paid staff and put in controls. However, eventually you hit limits.

      From personal experience, I know of a case in my company where a mid level middle age employee who had been with the company for over 20 years developed a gambling addiction. Over the course of 18 months she embezzled over $200,000 from the company via hundreds of transactions. She had been around long enough to know that the individual small amounts would never trigger a review

      I would

    4. Re:Prevention cheaper by PopeRatzo · · Score: 5, Interesting

      In this case they are talking about detecting fraud with people who have level access to the books â" think rouge trades and embezzling employers. However, from the article fraud comes from âoeincentive, rationalisation and opportunityâ. You try to hire competent, well paid staff and put in controls. However, eventually you hit limits.

      One limit you hit is that mechanisms like you describe and like the ones in this article are never applied to top management and the board of directors. So, the ones who are in the greatest position to hurt the company the most are left out of any security regime.

      And if you tried to put such mechanisms in place for the top people, they would all simply refuse, and nobody is there to call them on it, because everyone else at their level has the same attitude. This is one of the biggest dangers of income disparity. When it gets beyond a certain point, the elite "break away" from the social mechanisms and requirements.

      --
      You are welcome on my lawn.
    5. Re:Prevention cheaper by alexander_686 · · Score: 4, Insightful

      In my experience, as you move up the chain of command, any formalized controls become more stringent – not less. In my case, every level I move up in the company I have to disclose more, with the CEO having to disclose the most.

      On the other hand, I have found misalignment increases. CEO’s don’t (normally) need to commit outright fraud – there is a host of grey areas to exploit.

      The corporate jet is a classic example. It helps the CEO meet with clients, survey the business, saves time, etc. All of time & money will be well disclosed in the annual reports. If the CEO uses it for personal reasons, he has to pay it out of pocket. So everything is above board. Yet, who do a disproportionate number of CEO schedule official trips to Aspin during skiing season and during the summer?

    6. Re:Prevention cheaper by __aaltlg1547 · · Score: 5, Insightful

      Those are not only the people in the greatest position to hurt the company, but also those with the greatest incentive not to do so - why hurt a company that is paying you millions of dollars a year? Top management positions aren't that common that one would risk losing one.

      This flies in the face of reality. In the real world, some top managers develop such an inflated sense of entitlement that they believe they are worth far more than what they legitimately earn, deserve whatever they can take and that they will never get caught when they break the law.

    7. Re:Prevention cheaper by turbidostato · · Score: 4, Insightful

      " why hurt a company that is paying you millions of dollars a year?"

      Because they can get even more by hurting them *and* getting their golden parachutes after the havoc?

    8. Re:Prevention cheaper by Deekin_Scalesinger · · Score: 4, Insightful

      Why is any IT employee in their right minds sending our personal communications from their work computer? Come on - that's like common sense 101 stuff there, or at least, take some precautions...VPN, GPG, smartphone...

      --
      "As the intrepid kobold companion continues his journey, he begins to wonder... if priests raises dead, why anybody die?
    9. Re:Prevention cheaper by RulerOf · · Score: 4, Funny

      Because they can get even more by hurting them *and* getting their golden parachutes after the havoc?

      I wonder if I'm the only person who hears or reads "golden parachute" and gets a mental image of a CEO jumping from a burning plane with his company's stock ticker on the side, holding on to a dozen overstuffed briefcases full of cash like he's a modern-day DB Cooper. :D

      --
      Boot Windows, Linux, and ESX over the network for free.
  2. Who manages it? by GeneralTurgidson · · Score: 5, Insightful

    If an HR department can install and manage software that interfaces with a companies email without IT knowing about, that company has bigger security concerns. If IT manages it, IT can circumvent it.

  3. Pretty much proves the point by Anonymous Coward · · Score: 5, Funny

    What if an IT employee suddenly has relationship problems or family issues?

    There's definitely something suspicious going on when IT employees have relationships, nevermind relationship problems.

  4. Creepy but... by PastBlast · · Score: 5, Insightful

    That's why I never send personal email on the company's system. I also don't keep any personal files on the company supplied computer nor do web browsing on it. It's a hassle sometimes, especially when I need to carry around my personal laptop. And, in reverse, I never do "work" on my personal computers. While I don't think my company is spying on me, I go by that assumption because they can start at any time without my knowledge. It's my way of mitigating that risk. In general, I think it's also a good way to keep my personal life separate from work. I learned that years ago during some stress reduction workshops I participated in.

  5. kick 'em when they're down by tverbeek · · Score: 4, Interesting

    What if an IT employee suddenly has relationship problems or family issues? Will they then be flagged by HR as potentially troublesome or even a data security risk?

    I got suddenly canned from a sysadmin job when I showed signs of irritability and started requesting half-days off here and there. Except in this case it was because my boyfriend was critically ill, and they knew that. They just didn't give a fuck.

    --
    http://alternatives.rzero.com/
  6. Security by nurb432 · · Score: 4, Informative

    The it security team trumps the it sysadmin team.

    --
    ---- Booth was a patriot ----
    1. Re:Security by JDG1980 · · Score: 4, Interesting

      The it security team trumps the it sysadmin team.

      This assumes a rather large company. Many organizations have one sysadmin who handles security issues as part of their job duties, or just a handful of "IT guys" who more or less handle everything. The library I work for has about 100-150 employees total; the notion of a separate "IT security team" and "IT sysadmin team" is ridiculous for an organization of this size. Our IT department is 6 people total.

  7. If you don't trust your sys/network admin... by gstrickler · · Score: 4, Insightful

    ...do yourself and your admin a favor and get rid of him/her. He/she won't like working for someone who doesn't trust him/her, and you won't like constantly being suspicious.

    I've given that advice to all my clients over the years. You can extend the concept to the rest of your IT and/or security team. That doesn't mean you shouldn't take precautions, have checks and balances in place, etc, but fundamentally, if there isn't a high level of trust, deal with the lack of trust, either by discussing it until there is an understanding and trust, or by ending the relationship.

    Secretive monitoring is not the way to handle a lack of trust. The only exception is when there is already probable cause to believe a crime has been committed, then, in some cases, monitoring to gather proof may or may not be necessary or appropriate.

    --
    make imaginary.friends COUNT=100 VISIBLE=false
  8. Re:An old enough industry to require unions by Zontar+The+Mindless · · Score: 5, Interesting

    Unions do have their place. An IT shop is not one of them.

    You should really try to be more open-minded about such things. Maybe even consider moving to Sweden, where nearly everyone is entitled to union representation whether they bother to join one or not.

    When we got bought, and the new owners tried to take away nearly all my benefits, my IT workers' union did a pretty good job of nipping that nonsense in the bud. Maybe I should show my appreciation by signing up and paying them the ~$25 per month they want as dues for actual membership. That's only about 2% of what I would have lost if they'd not gone to bat for me.

    --
    Il n'y a pas de Planet B.
  9. They did something like this to the Enron Execs by Karmashock · · Score: 4, Interesting

    I believe this was more of an analysis. They fed thousands of time stamped memos into an algorithlim. The idea was to look for differences in speech pattern or word choice in reference to the conspiracy.

    What they found in Enron at least was that as people behaved increasingly corrupt they became increasingly formal with each other. Casual comments tended to be innocent ones where as memos concerning the corruption tended to unusually professional.

    Personally, I don't care what the company does with my corporate email. Scan away. It's so boring that I understand why they want to have a computer read it instead. And who knows, they might actually uncover a problem.

    Obviously people will be worried about false positives. But I doubt anyone is going to take the computer's opinion as gospel. Likely, the computer will just point to a given collection of emails and suggest management read those specifically. Where upon management can decide if they have a problem or not.

    --
    I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.