Surveillance Story Turns Into a Warning About Employer Monitoring

rtfa-troll writes "The story from yesterday about the Feds monitoring Google searches has turned into a warning about how work place surveillance could harm you. It turns out that Michele Catalano's husband's boss tipped off the police after finding 'suspicious' searches (including 'pressure cooker bombs') in his old work computer's search history. Luckily for the Catalanos, who even allowed a search of their house when they probably didn't have to, it seems the policemen and FBI agents were professional and friendly. Far from being imperiled by a SWAT raid, Catalano spoke to some men in black cars who were polite and even mentioned to Catalano that 99 times out of 100, these tip-offs come to nothing. Perhaps the lesson is to be a bit more careful about your privacy, so that what you do on the internet remains between you and the professionals at the NSA."

Alright then. Carry On.

[ObsessiveMathsFreak]

Oh I see. The man searched thinks it was all just a misunderstanding. I guess that makes it OK then.

I guess it also covers the costs in time, money, equipment and paperwork spent on a search that should never have happened. I guess it also makes up for any useful work the men involved could have been engaged in like looking for actual terrorists or investigating organised crime in the banks. I would worry about how the NSA's Ur-dragnet/Informer hotline is throwing up so many false flags that law enforcement is now too busy to deal with actual problem, but this splendidly chipper blog post had allayed all of my concerns.

I'm glad that's all cleared up then.

Re:Alright then. Carry On.

[Somebody+Is+Using+My]

Even scarier is the acceptance of NSA monitoring as evidenced by the last line:

Perhaps the lesson is to be a bit more careful about your privacy, so that what you do on the internet remains between you and the professionals at the NSA."

It's not just /known/ that the NSA is monitoring everyone's conversation, it is seen as a good thing. Of course these "professionals" are listening. It's for the good of the country that the every citizen is monitored, after all.

The bar is being set ever lower and comments like these train people to see it as perfectly alright. Increasingly I am of the opinion that this is not accidental.

Re:Alright then. Carry On.

[girlintraining]

I'm glad that's all cleared up then.

Snarking is my job on slashdot. If you called up the police and reported suspicious activity, wouldn't you feel better if they showed up and looked around? Of course you would -- that's a stupid question. Emblazoned on the side of almost every police car is the words "protect and serve". A lot of times, that means going out on a wild goose chase, or knocking on the door of a neighbor who doesn't realize his TV's turned up too loud, or even conducting a health and welfare check because some over-protective mother didn't get a call back from her daughter right away and insists "it's not normal". Most of the time, it's nothing -- but that is not time and resources wasted.

It's the job of the police to investigate, and I'm pretty sure you and most everyone else would be blowing fuses left, right, and forward, if you rang up 911 and they said "Yeah, we could come out and have a look around, but you know how expensive gas is right now, so we're gonna pass." Well, I don't know about you, but if the police show up, act in a courteous and polite fashion, ask a few questions, and then leave satisfied nothing bad is going on, I consider that a job well done. They're out in the community, flying the flag, and helping people feel safe.

That's equally important to stopping actual crime; A reputation of a helpless and inadequate police force costs a lot more than a few gallons of gas and some time spent filing a report that says nothing of interest was found. If only every police investigation could be like that...

Re:Alright then. Carry On.

[kilfarsnar]

Even scarier is the acceptance of NSA monitoring as evidenced by the last line:

Perhaps the lesson is to be a bit more careful about your privacy, so that what you do on the internet remains between you and the professionals at the NSA."

It's not just /known/ that the NSA is monitoring everyone's conversation, it is seen as a good thing. Of course these "professionals" are listening. It's for the good of the country that the every citizen is monitored, after all.

The bar is being set ever lower and comments like these train people to see it as perfectly alright. Increasingly I am of the opinion that this is not accidental.

I took that last line as being sarcastic. Maybe professionals should have been in scare quotes.

You make a good point though. Various organizations actively try to influence the perceptions and attitudes of the public; from advertisers and marketers to political parties and the CIA. And people in the media are trained to use euphemisms and mild language to shape perception. So we get "enhanced interrogation" and "extraordinary rendition" instead of torture and abduction, and "detainee" instead of prisoner. Just last night I had to laugh when Brian Williams described Edward Snowden as having exposed a "massive data-mining effort" by the NSA. Really Brian, is it just a data-mining effort, or is it spying? How something is described matters quite a bit in how it is perceived. Just ask Frank Luntz, he's made a career out of it.

Re:Alright then. Carry On.

[TheCarp]

> Well, I don't know about you, but if the police show up, act in a courteous and polite fashion, ask a
> few questions, and then leave satisfied nothing bad is going on, I consider that a job well done.
> They're out in the community, flying the flag, and helping people feel safe.

You should try living next door to my old neighbour. The problem here is the assumption that people who report things are reasonable and sane people.

The fact is, they should investigate if there is a reason to investigate and it should be more than perfectly normal behaviour (ie shopping and reading material related to recent news articles) to be suspected of anything.

The bigger problem, I think, is this notion that a terrorist attack happening is a failure of the police and intelligence services. In the end, its such a needle in a haystack sort of problem that its entirely unreasonable to think they can ever be prevented, therefore any acceptance of that reasoning that starts with they should be able to catch it, inevitably leads to excessive measures, and guarantees more excessive measures later WHEN the next one happens.

Re:Alright then. Carry On.

[0111+1110]

This comment really surprises me coming from you. Usually you seem to be on the side of good, and of liberty and privacy and presumption of innocence. You seem to be looking at things from the POV of society. I look at things from the POV of the individual, of the innocent victim of such searches. Of course in this particular case the victim was complicit in the violation of their own rights. So I have little sympathy for them.

But in a case where a search warrant is granted when it should not have been because the probably cause was pretty slight I think the victims should be compensated for the mistake. A google search should never, ever, ever be probable cause for a search of someone's home or car. The lack of permission in the constitution itself, as well as the first and fourth amendments should be protecting us from overly suspicious people invading our privacy because of something we said or wrote. An important part of the freedom of speech is that what we say, especially in an environment with at least some expectation of privacy, should not result in persecution by our government. The NSA could easily set up a system to send FBI agents with a signed search warrant, to the home of everyone who searched google for something like, "how to build a nuclear weapon". That is not the kind of society I want to live in.

The fact that it was a work associate who contacted the FBI instead of the NSA does not improve matters in my view. Such calls should simply be ignored. I have little doubt that millions of people every day search for things that other people would find suspicous. The fact that another citizen is suspicious of me does not give the government any additional rights to violate my rights. Unfortunately American society is becoming a place where we are all each other's enemies, working as government informants against each other, potentially bringing down the wrath of government agents down on us with their groundless suspicions. This case should never have happend. The FBI should never have searched anything based on a google search. That is just stupid and a huge waste of resources that would be better spent protecting citizens from real crimes. Ones with actual victims. The government agents in this case should be fired or at least demoted.

Re:Private browsing

[crafty.munchkin]

Not sure if you realise... but when you're on a work computer, all your internet requests usually go through some form of proxy server - which is how your IT department finds out what you access regularly and blocks it. Clearing your browser history is useless since every request is logged in a centralised server before it goes out to the net.

Er, no, that isn't the story

[girlintraining]

Perhaps the lesson is to be a bit more careful about your privacy, so that what you do on the internet remains between you and the professionals at the NSA.

I know you're being snarky, Slashdot, but I'd trust the professionals at the NSA over middle management any day of the week. The NSA doesn't ruin your life if it goes through your google history and finds a few keywords. It doesn't assume the worst. The NSA gathers up the data, forwards it to a team of analysts, and, seeing this kind of thing every day, make an informed and reasoned decision to either forward it up the chain, or bin it. And as your own article says: 99 times out of 100, it's nothing. That's probably a conservative estimate; There have only been a few dozen acts of bona fide terrorism in the past year or so, and if the tin foil hat crowd is right, the NSA is monitoring everyone pervasively, so it's more like 999,999 times out of a 1,000,000.

The moral of the story here is that people who aren't law enforcement are really, really, epic bad at being judges of character. Especially when you're dealing with someone whose job is often earned on something other than critical thinking skills, investigative talent, and attention to detail... three things I think most will agree you don't find in most mid-level managers. It's like how during the midst of the Boston bombing, the internet armchair sleuth crowd wrongly identified many innocent people and forced the police to divert valuable resources to take those people into protective custody while the real bomber was left unidentified. The professionals, meanwhile, correctly identified them hours later, and then took them down without any innocent people getting caught in the cross fire.

I know it's politically popular right now to say law enforcement is a bunch of clueless, authoritarian, surveillance-happy asshats, but that's a slanted view. On the whole, they know what they're doing, and most of the time they get it right. You only hear about the times when they screw up. Now, considering how low of esteem they're held in for that track record, ask yourselves about the track record of middle managers, internet armchair pundits, and vigilantes have had doing the same things... and I'm betting their reputation with you is a lot better.

Chew on that for a bit.

Re:Er, no, that isn't the story

[Mitreya]

The NSA gathers up the data, forwards it to a team of analysts, and, seeing this kind of thing every day, make an informed and reasoned decision to either forward it up the chain, or bin it.

Your cute and idealistic assessment is at odds with (at least) the fact that the gathered NSA data was dumped into a huge database where a low-level outside contractor could access all of it. I'd feel better if the data went to a team of professional analysts and not into an easily abusable database which may or may not be studied by analysts.

There have only been a few dozen acts of bona fide terrorism in the past year or so, and if the tin foil hat crowd is right, the NSA is monitoring everyone pervasively, so it's more like 999,999 times out of a 1,000,000.

It is more likely to be nothing 1,000,000 out of 1,000,000 times. A "terrorist" that relies on google and pressure cookers to plan their act is a pathetic basement dweller that lacks the resources to actually do anything. I'd be interested in hearing about that 1 out of 1,000,000 where they caught someone credible, who could have succeeded. And (in TFA case) that same person would have to lack the capacity to not answer the door and move to another city after a visit from government agents.

Boston bombing ... The professionals, meanwhile, correctly identified them hours later, and then took them down without any innocent people getting caught in the cross fire.

However, they were neither able to prevent the act, nor have they used the years and years of indiscriminately stored data. They used current recordings from volunteers, I believe. So the result of the Boston bombing would have been the same without preventative surveillance.
They are competent, but NSA's total surveillance has not improved their ability to do their job.

Re:Er, no, that isn't the story

[Mitreya]

Sure, a "low-level outside contractor" has been given access to a database which is of critical importance to national security. As well, this fictional contractor also has the keys to Fort Knox and sleeps in the President's bed at the White House. Or, perhaps, since there's no evidence any of this has actually happened

I meant Snowden. The fact that Bolivian president got grounded on a suspicion that he is smuggling Snowden, is quite a bit of evidence that Snowden is not simply lying.
I don't know what exactly is true or isn't, but the manhunt is a rather blatant piece of evidence that cannot be ignored.

If it was100%, then pray tell how have we managed to catch any terrorists?

I have no evidence that we have. There is plenty of anti-terrorism activity and vague announcement of hundreds of terror plots having been stopped. Some, mostly unidentified people were also killed by drones, but I am not aware of any "caught terrorists"

I know you are not a troll, but are you just assuming that we have caught dozens of terrorists?

I'd be interested in hearing about that 1 out of 1,000,000 where they caught someone credible, who could have succeeded.

Yeah... that big story this past April in Boston... something about a bomb... asleep the whole month?

You are taking my sentence out of context. Interested in 1/1,000,000 where surveillance could prevent the terrorist act. Yes, terrorist acts happen (rarely), and law enforcement reacts to them just as they would in previous, less-insane, decades.

However, they were neither able to prevent the act, nor have they used the years and years of indiscriminately stored data.

Tell me, when you go fishing in a lake, do you catch all the fish?

If I bought a fancy lake-scanning sonar, I would expect it to improve my odds. If it didn't, the sonar is a failure.

Look, I am not arguing against hunting terrorists. I am saying that the new monitoring activities do not have any demonstrable benefit (that I am aware of).

Prediction

[swillden]

Prediction: this article will not get 850 comments, and many people will continue pointing to this story as proof that Google lets the federal government rifle through all of everyone's data.

99 out of 100

[gsslay]

99 times out of 100, these tip-offs come to nothing

That's not quite what was said. From the original blog ; "they mentioned that they do this about 100 times a week. And that 99 of those visits turn out to be nothing."

So we have three possibilities;

1/ this statistic is a bullshit overstatement, talking up a minimal danger
2/ they are arresting terrorist bombers at a rate of 1 a week
3/ they are prosecuting 1 person a week on an unrelated matter, after gaining access to their house on the pretext of "war against terrorism".

Which do we think it is?

Re:99 out of 100

[bws111]

None of the above. It is the equivalent of Columbo's 'oh, you know, headquarters makes me ask these questions, nothing to worry about'. It puts the person at ease, and maybe they let their guard down a bit.

Re:Devices which have only one purpose

Some people might want to search for news stories pressure cooker bombs, or information about what they look like so they might be able to identify one if they see it on the sidewalk.

This could well be search suggestions.

[jaseuk]

Typing "pressure cooker" lists pressure cooker bomb as the 3rd suggestion in Google.

Jason.

Re:A different lesson

[girlintraining]

I take away a different lesson from this: maybe it's a good idea to wait until you have more facts before starting to run around screaming "The sky is falling!!!!111".

Clearly, this middle manager only watches CNN and FoxNews. And let's be honest: It's the only thing playing in most break rooms, and middle managers aren't known for their critical thinking and investigative talents.

The fact that some real shady things in terms of corporate and governmental surveillance do go on is no reason to just give up being rational.

Neither is it a reason to ignore the fact that the police showed up, were polite and courteous, asked a few questions, and left satisfied. Now look, I'm no more happy having the police show up at my door than anyone else -- but by and far, the experiences have been professional, as this person learned. I've had people call in all kinds of things to the police about me; I know because they keep records of that kind of thing and I know the right people to ask to get them.

Every one of you past the age of 30 has something in their police file from a "concerned citizen." All of you. Yes, even you, Mr. Above Average Driver who pays all his bills on time and even helps his land lady carry out the garbage. But most of you don't know about it because the police conducted their search discreetly, found nothing, and moved on. Which is exactly how surveillance should work. And most of the time, that is how it works; you guys only hear about the 1 in 10,000 case where they screw it up, not the other 9,999 where nothing newsworthy happened because they did it right.

This wouldn't be news if it wasn't for the news agencies creating a story where there really isn't one to sell more advertising. "Over-zealous middle manager of questionable technical ability reports ex-employee after searching internet history and finding a few keywords and deciding it's a matter of national security..." is not exactly interesting to me, and it wouldn't be if not for the drum beat of "NSA... NSA... NSA..." all over the news right now. Please. Former employers are like ex-boyfriends -- take everything they say with a biiiig grain of salt.

Re:Private browsing

[MtHuurne]

If your work browser is configured to accept certificates from the proxy server, SSL might not give you privacy.

Re:How will they be compensated?

[jemenake]

Hm? RTFS... the boss sees someone searching for bombs, thinks "hey, this could be bad", tip the police, turns out it is nothing.,,

From the aricle, they specify that it's a former boss, and there's no mention of how amicable the termination was. So, it's also possible that the employer, due to a grudge, discovered the suspicious searches and decided that it would be an easy way to make their life difficult for a little bit.

Actually, we'll probably never know they entire story. The employer, no matter what their motivation, is going to stick to "Hey... if you see something, say something...".

Re:Private browsing

Exactly! So, shut the fuck up, slaves. Employers pay for your time, not your work. Employers OWN you for the duration of that time. You have no rights beyond that which your employer affords you. You should act like the good little worker machines that you are unless your employer gives you permission to do otherwise.

God damn these lazy employees these days, thinking they can be human on an employer's dime.

Re:How will they be compensated?

[cold+fjord]

The important detail missing is that the couple wasn't searching for bombs. It appears the police added the word "bombs" to cover up their amateur-hour faux pas so that an investigation sounds reasonable.

That doesn't appear to be correct according to the fine article:

The former employee’s computer searches took place on this employee’s workplace computer. On that computer, the employee searched the terms ‘pressure cooker bombs’ and ‘backpacks.’

Use discretion before calling the police

[davidwr]

You CAN be too careful.

Before calling the police in a non-urgent situation, ask yourself

"If everyone in my exact situation called the police, a few crimes may be prevented but a lot of lives would be intruded on and a lot of police resources and taxpayer money would be spent. Would it be better for society if, as a rule, the police were called in this exact situation or if, as a rule, they were not?"

This goes not just for bombs but for thinks like someone unfamiliar walking around your neighborhood at 3AM, your kid's friend sporting frequent unexplained bruises, and the guy who who hangs round the local kiddie park without kids in tow.

Each of these "no matter what I do, there's a good chance that I could wind up doing the wrong thing" cases and many others like it require a gut-check and a realistic assessment of the situation before calling the police. Sometimes the "best answer" is to call the cops. Sometimes the "best answer" is to talk to the person acting suspicious or get friends and neighbors together and talk to the person. Sometimes the "best answer" is to do nothing.

Finally, if you do make a well-thought-out decision and it turns out to be wrong - if you DON'T turn in the guy who searches for pressure cookers and he turns out to be a bomber, or if you DO turn him in and as a result the police are busy interviewing the person and can't get to an armed-robber-in-progress call in time to avoid bloodshed, don't feel guilty about your decision.

Re:Private browsing

[davidwr]

A good proxy server is going to allow your system administrators to decrypt your SSL connection.

Yes and no. Yes, a proxy can do MITM attacks, but no, barring a key compromise, it can't do so undetectably. A computer-savvy employee who is concerned about a MITM attack can do some testing beforehand and on an ongoing basis to assess his risk.

Some things an employee who doesn't 0wn his own box probably cannot check for is a keyboard logger. Employees probably cannot check for other things like hidden cameras and other off-the-computer surveillance.

Re:Private browsing

One or two rules in the firewall and no OpenVPN for you.

Seriously, do your private shit from your home - or at least from your phone with your own data plan - instead of wasting your and sysadmin's time playing tag with network policies.

Re:Devices which have only one purpose

[spacepimp]

This is the bigger issue with the surveillance state. In a free society you can read what you want, think what you want and say what you feel: WITHOUT FEAR OF RETRIBUTION. The chilling effect that occurs, that even searching for a news item such as this flags you and puts you on a watch list. It is a direct assault on personal liberties.
When you say that "aside from self-educating concerned citizens, no one other than an engineer should be searching for such a thing" I find it truly offensive. No one has the right to tell you what you should think, what you can read or what can be said. There is no humanity or dignity in a world where the level of control and power has shifted to allowing for this. No person should be afraid of retribution for free thinking, learning or reading what they want for whatever reason they want. The mere fact that you can justify the infringement of these liberties shows how far the ideals this country was founded upon have slipped away.

If it's not your PC, nothing on it is private.

[couchslug]

I don't use work PCs for anything but that. If I want personal connectivity I can pay for it.

Jobs which do not use computers don't pay for me to surf on their time, either.

A computer is like any other tool, for example a milling machine or a welder. If I want to borrow one of those for a bit, I ASK the shop owner.

Re:How will they be compensated?

[cellocgw]

The former employeeâ(TM)s computer searches took place on this employeeâ(TM)s workplace computer. On that computer, the employee searched the terms âpressure cooker bombsâ(TM) and âbackpacks.â(TM)

Yeah, because there's zero chance he was just searching for news stories about the Marathon bombing and possible copycats. Or because he was just plain interested, as an intellectual exercise, in the relative efficacy of pressure cookers as a bomb containment device vs., say, a layer of ball bearings embedded in a core of C4.

Come and get me, you NSA assholes.

Re:Private browsing

[Salgak1]

When you're using your company's computer and your company's network, there is exactly ZERO expectation of privacy. No doubt, you've signed an "acceptable use policy". . . . Read it next time. . . .

Re:How will they be compensated?

[hacker]

It doesn't matter if she was searching for 'pressure cooker bombs', because that is not illegal!

She has not committed any crime, nor should she be suspected of one. In fact, she shouldn't have let them in the house, because they have no warrant, nor any valid reason to suspect her of doing anything against the law.

Since when was curiosity or knowledge seeking a crime? Is that where we are now? Living in fear of learning more, because those who think they're holding the power, are looking at everything we do?

Re:Private browsing

[RoknrolZombie]

He's not lying (or even fibbing, not even a little). The last 3 jobs I've had as a tech required 10+ hour days Mon/Fri, and if I wanted to do anything on the weekend that would take more than a few hours I had to notify my boss (in case they tried to reach me and I was unavailable). I'm no manager or lead or anything like that...I'm just the guy that they want to make sure is available in case a computer breaks.

Once upon a time those jobs were restricted to the heads of the company and they were awarded accordingly. Now those jobs are everywhere unless you're literally the bottom rung on the ladder.

The working climate in the US is dismal.