Slack Now Letting Employers Tap Workers' Private Chats

itwbennett writes: Chat app maker Slack is hoping to make inroads in the enterprise with a new paid plan that will include an optional feature called Compliance Exports that will let administrators access their team's communications, encompassing public and private messages. The tool is far-reaching, potentially including the edit history for workers' messages as well as messages workers have marked for deletion, if the supervisor so desires.

Not a good name for enterprise

[Spy+Handler]

Wouldn't "Work Hard" be a better name for your app?

Re:Not a good name for enterprise

[Savage-Rabbit]

Wouldn't "Work Hard" be a better name for your app?

Product names should be descriptive. How about Quisling? ... or Canary? ... Stool Pigeon? ... Rat? ... Grass?

Re:Not a good name for enterprise

Wouldn't "Work Hard" be a better name for your app?

In a world full of pokes, tweets, and snaps, I think I'll let it go. We slid down Stupid Name hill a long time ago.

Re:Not a good name for enterprise

Should be descriptive, like say.. Lync?

Re:Not a good name for enterprise

Should be descriptive, like say.. Lync?

The minimum requirement for a descriptive name is that it should be an actual word.

If it's not your computer

[Barlo_Mung_42]

it's a good idea to assume it's not private.

Re:If it's not your computer

If you are at work, pretty much they have all the right in the world to log your actions. Thought this software always was in use that showed each employee's connections (# of contacts, and frequency.)

Re:If it's not your computer

Logging actions. Sure.
Reading my email?
Wiretapping my phone?
Sending emails in my name?

Where is the limit?

Re:If it's not your computer

[alex67500]

Logging actions. Sure.
Reading my email? OK
Wiretapping my phone? OK
========= LIMIT =========
Sending emails in my name? False Personation.

Where is the limit?

Banks' Compliance departments require the first three (SEC rules) at work -- including work mobile phone. I drew the line for you.
By the way, false (im)personation can be qualified as a felony is some states in the US.

Re:If it's not your computer

[TheCarp]

it is, though, I think this is amusing in a way as, where I work we have an internal messaging solution, but we are actually expressly forbidden from turning on logging because well...if we are using im for work, then likely important and confidential information goes over that channel, which is fine being both internal and encrypted to the endpoint but.... if we log, it means that information sitting around in logs, which is a liability since it would be yet one more source of confidential information that has to be protected.

It sounds to me like anyone using this is exposing themselves, and their employees to unnecessary risk.

Re:If it's not your computer

We don't all work in shit hole companis like you do. Some companies actually respect their workers as adults.

Re:If it's not your computer

[CaptainDork]

This.

For the curious, Google, "discoverable in litigation."

Re:If it's not your computer

false (im)personation can be qualified as a felony is some states in the US.

Then I'm packing my bags.
A very recent law passed in Australia allows the various security services to impersonate private citizens, and to even add / edit / delete data from people's hard drives. (Amongst many other powers.)

Pretty good idea if it is your computer

[Crashmarik]

to still assume it's not private.

The only secure computer is one that is disconnected from the net, turned off, and cased in concrete and even then I wouldn't be sure.

Re:Pretty good idea if it is your computer

[Todd+Knarr]

You forgot "sunk at the bottom of the Marianas Trench". :)

Re:Pretty good idea if it is your computer

[ruir]

Nobody talked about "secure" computers. If you are not using your OWN computer and your OWN network, youd better assume it can be tampered with (and even so, lets not get started on ISPes or malware for espionage). More so when using computers at work. The computers and the network belong to your employer.

Re:Pretty good idea if it is your computer

[Crashmarik]

Nobody talked about "secure" computers. If you are not using your OWN computer and your OWN network, youd better assume it can be tampered with (and even so, lets not get started on ISPes or malware for espionage). More so when using computers at work. The computers and the network belong to your employer.

Woosh

Re:Pretty good idea if it is your computer

[NotInHere]

The network shouldn't matter unless you count installing some shiny cisco app or accepting companie's CA as "network setup".

Re:Pretty good idea if it is your computer

[thhamm]

Granted, i wouldn't mind James Cameron sniffing through my pr0n collection.

Re:Pretty good idea if it is your computer

[ruir]

You should seriously revise your [cynic mode on] I do not even have an idea why people use Tor [off]. And in the corporate word, often you have not a say own your work station is installed of which certificates come with the default setup. Or what people is logged besides you. And besides passive surveillance, there are more nefarious activities to worry about. ( https://www.eff.org/wp/detecti... ) Packet interception, DNS interception, packet sniffing, man in the middle attacks, logging all your network activity on several ways, levels and technics, divert your traffic to where it should not go...and so on. Certifications only give you an illusion of privacy. You suffer from a simple delusion that I have witness in some coworkers, which is to not recognised, that as a single point is compromised in the infra-structured, you cannot count on your privacy ever.

Re:Pretty good idea if it is your computer

[ruir]

fuck you too. Have you heard about stressing out something that was just said and figures of speech? Damn kids...

Re:Pretty good idea if it is your computer

[NotInHere]

Yes you can monitor stuff even with TLS, but that's far less than without encryption. So my company knows that my smartphone connects to whattsapp.com on port 443 and exchanges 2kb of information.

Re:Pretty good idea if it is your computer

And my wife looked at me weird when I said "No, I don't want wifi in my desktop motherboard, keep it seperate." Hello, I love my ethernet and I know that's still insecure as hell, at least I ain't broadcasting.

Re:Pretty good idea if it is your computer

[rioki]

The trick is that to use your device in the corporate network you need to install the company's CA-certificate. You need to do that or you can not use . Now as it just happens the gateway router is also a transparent HTTPS proxy that issues certificate for the domains it MITM using that said CA-cert. You can't do much (in the US), since you agreed to the usage terms, that included "monitoring for anomalous behavior".

Re:Pretty good idea if it is your computer

[rioki]

Stupid angle bracket removal....

You need to do that or you can not use "vital bureaucratic web service".

Re:Pretty good idea if it is your computer

Don't use the office wifi. Problem solved.

Re:Pretty good idea if it is your computer

[some+old+guy]

You think he doesn't?

Re:Pretty good idea if it is your computer

Smartphones in the workplace do not need CA certificates or any of that added complication; you simply use your cellular plan for data and your employer can pound sand regarding what was sent/received.

Re:Pretty good idea if it is your computer

And my wife looked at me weird when I said "No, I don't want wifi in my desktop motherboard, keep it seperate." Hello, I love my ethernet and I know that's still insecure as hell, at least I ain't broadcasting.

ethernet still insecure as hell? In a family home? hardly; In an office environment? That would be correct.

Re:Pretty good idea if it is your computer

[thhamm]

Wait. So if i can make enough bucks in Hollywood to pay the NSA to finance "dives for pr0n (TM)" ... Hell, they're worth something after all ...

Discovery nightmare

[Todd+Knarr]

I think if I were in Legal I'd nix this instantly as a discovery nightmare in the making. Employees start to say a lot of things, reconsider and rephrase or outright rewrite before sending the message. Often the message they didn't send is exactly the kind of thing the opponent in a lawsuit is looking for and exactly what you don't want to have to give them. If your compliance monitoring application will let you store and view those unsent, often inappropriate or ill-conceived, messages then you're going to have to cough them up during discovery or during any investigation by regulators. Worse, if any of them get out through other channels you've weakened your defense against a claim that you knew or ought to have known about them since they're in your compliance system. Better to only record the stuff that was actually sent and not have to explain your employees' private opinions.

As far as monitoring of sent messages goes, the first rule is "If you're on someone else's network, they can see everything you do.". Or, to quote Pitr, "God, root, what is difference?". If you're on the company network, don't say anything you don't want the company becoming aware of. If you need to express a private opinion without putting it on the record, do it face-to-face and verbally (especially if it involves an unflattering opinion of someone with the authority to get you fired).

Re:Discovery nightmare

If your compliance monitoring application will let you store and view those unsent, often inappropriate or ill-conceived, messages then you're going to have to cough them up during discovery or during any investigation by regulators.

That is exactly the point. The 'compliance' refers to compliance with the regulators/regulations.

I work for a company that provides call and SMS recording solutions to banks where they can record the phone calls and text messages sent and received by their employees on their mobile phones. This doesn't mean all employees, it's just those in certain positions like traders.

Doing so is an FSA requirement - banks *must* do this in order to gather the evidence that can prove or disprove that traders are involved in things they shouldn't such as insider trading, libor rate fixing etc. The bank has a team that is responsible for monitoring those communications and preparing reports for the FSA proving they are recording these communications as required (which is essentially showing you have a recording of every call made/received).

This is just an IM platform catering to that market.

Re:Discovery nightmare

[Maxo-Texas]

I think this is a new level. Considering they can see pre-drafts, edits, etc. which previously were lost and all you saw was what was sent or saved.

It may be suitable for banks, but it is going to raise the cost of business for everyone.
It's probably overkill for many businesses AND will simply drive people who have ill intent to other communications methods.

Re:Discovery nightmare

They can see pre-drafts? No they can't. The post says:

The tool is far-reaching, potentially including the edit history for workers' messages as well as messages workers have marked for deletion, if the supervisor so desires.

If you RTFA, you'll see that "potentially" means "we made this up but nobody has said you *can't* get the edit history". The whole thing is based on some bullet points on a pricing plan, and nowhere does it mention edit history at all.

Re:Discovery nightmare

There is a need for unrecorded communication. Law is not prepared for a world where all communication is recorded. There is law controlling what you can write and say, but it is not enforced to the level off disputes at the copy machine and to the level of chats with colleagues. Think of Sarbannes Oxley. If you do not record the communication that's ok, it is not mandatory to be recorded. If it is recorded, deleting records is a crime!

Vajk

Re:Discovery nightmare

[Charliemopps]

Your network security team can already see everything you do on your computer. They can literally, watch a live view of your desktop. They can log into your email. They can capture all of your network traffic at the firewall and view it via wireshark. And since it's THEIR computer and network, they can take the SSL keys you used and decode your HTTPS traffic as well. Nothing you do on a work computer is private at all.

But, they don't generally do all of this unless they have a reason to. If you missed your numbers this month or just failed at some major project, you might want to stay off youtube for a while. ;-)

Re:Discovery nightmare

[cardpuncher]

>As far as monitoring of sent messages goes, the first rule is "If you're on someone else's network, they can see everything you do."

That might apply in the US. The first rule in the EU is that they can see only what they've informed you they want to see, and only if doing that is proportionate. You can't in general snoop just because you own the wires.

Re:Discovery nightmare

But, they don't generally do all of this unless they have a reason to.

Which is different from a program that captures and saves all of the messaging data.

Reading comprehension bro, do you even?

Re:Discovery nightmare

[Charliemopps]

But, they don't generally do all of this unless they have a reason to.

Which is different from a program that captures and saves all of the messaging data.

Reading comprehension bro, do you even?

What about capture don't you understand? Capturing every bit of data that leaves your computer is a 2 to 4 word command. Later you take the log file, grep it for interesting bits and you have everything you want. Including encrypted traffic. So next time, shut your mouth and do some research before decide to get all snotty and post Anon.

I find it ironic that you think posting anon gives you any sense of anonymity on slashdot. lol

Re:Discovery nightmare

[CodeArtisan]

If your compliance monitoring application will let you store and view those unsent, often inappropriate or ill-conceived, messages then you're going to have to cough them up during discovery or during any investigation by regulators.

That is exactly the point. The 'compliance' refers to compliance with the regulators/regulations.

I work for a company that provides call and SMS recording solutions to banks where they can record the phone calls and text messages sent and received by their employees on their mobile phones. This doesn't mean all employees, it's just those in certain positions like traders.

Doing so is an FSA requirement - banks *must* do this in order to gather the evidence that can prove or disprove that traders are involved in things they shouldn't such as insider trading, libor rate fixing etc. The bank has a team that is responsible for monitoring those communications and preparing reports for the FSA proving they are recording these communications as required (which is essentially showing you have a recording of every call made/received).

This is just an IM platform catering to that market.

Of course, the beauty of all these systems is whenever the SEC asks for emails, they are often "missing" due to backup or archiving mishaps. The fact that the penalty for not producing the emails is significantly less than the penalty for financial misconduct is purely coincidental.

Re:Discovery nightmare

Which is different from a program that captures and saves all of the messaging data.

How is that any different? Do you think your email is not "captured and saved" by people with access?

Think they'll ignore your drafts folder to avoid making you upset?

It's a chat tool - you're sending messages over a network via SOME company's computer systems. Of COURSE it's "captured and saved" by the tool - that's a FEATURE of the tool, you dimwit.

Re:Discovery nightmare

[houghi]

One of the reasons I have an alias is so it will beclear that I NEVER speak in name of the company I work for. The other upside is that I can't use Facebook. Furthermore I know the company will be able to see everyting I type, SO I almost never use my company PC for work related things, except to see if there are delays with the trains.

For private mails (or anything else), we have dedicated PCs who also have access to sites I can not get to on my work PC (webmail and such). They are on a completely seperated network. So if you urgently need to send an email or visit a site to order something, you are able to do so. A third option is now available: your phone.

Re:Discovery nightmare

[davidwr]

Your network security team can already see everything you do on your computer.

Well, practically everything. Except on machines where they control the BIOS, they can't tell what happens if I power off, disconnect the network cable, and boot up with another device.

They also can't tell if I use the monitor as a place to hold the sticky note with my password on it. Now, the security team that comes around and night checking for sticky notes with passwords on the other hand....

Re:Discovery nightmare

Well, the courts have been known to punish banks very heavily for losing this data. I believe UBS copped a $100 million fine when they claimed they'd lost data - and then found the tapes in a closet 6 months later.

Re:Discovery nightmare

You post on here a lot. Never have I seen you say something nice, worthwhile or insightful.

Posting anon because fuck you. Be nicer to people or get off my lawn

Re:Discovery nightmare

What is a $100 million fine to a bank? Perhaps no gold toilet seats for their executives? Or using quadruple-ply 50 dollar bill toilet paper instead of quadruple-ply 100 dollar bill toilet paper?

Re:Discovery nightmare

^^ this. Slack users can edit their posts after they've been sent to a channel. What Slack is saying is that all edited versions of those comments will be in the exports, as opposed to what you were typed before you chose to press enter the first time or just give up and delete it all.

Re:Discovery nightmare

[Todd+Knarr]

Not to be picky, but I think you're confusing "can" and "are allowed to". "can" has to do with being physically and technically able to. "are allowed to" involves things like "Is it legal?" and "Have the sysadmins been ordered to?". The admins may not for example be legally allowed to just record and scan your IM sessions for no reason, but if diagnosing a weird network problem requires capturing traffic on the wire your packets will get caught and get included in the logs regardless of what the law says (since if I knew exactly what I was looking for well enough to just capture the relevant packets I'd already have diagnosed the problem and wouldn't need to do a traffic capture) and key words in your session may catch my eye. And beyond that kind of legitimate situation, we've all seen cases where companies do things that aren't legal if they think they won't get caught or the benefits outweigh the cost of any fines they may have to pay.

OTOH, as I've reassured people, "Don't worry about it. Yeah, I can see everything if I want to. But your porn is boring unto tears and frankly my to-do list is too long already and I do not want to have to add anything more to it.".

Re:Discovery nightmare

What's even more ironic is that the point you're arguing is the same point argued by the post you're responding to. In other words, you're agreeing, but in your eagerness to be superior and condescending, you missed that (rather salient) fact.

Good job.

Looks like they're only doing what they have to

From the article:

Slack is offering the feature to accommodate businesses that are required by law to have access to and store all employee communications, the company said in a blog post describing the feature.

Financial services and securities trading firms regulated under the Financial Industry Regulatory Authority are two examples. So too are companies that, due to litigation concerns, must store all employee communications, Slack says ...

The data collection does not happen automatically. There is a several-step process for team owners to request access, which includes sending a signed letter on company letterhead to Slack stating that the company's policies allow that kind of access. Each request is reviewed by Slack for approval, the company says.

Once granted, workers on the team are notified of the data access, which includes all messages from that point forward. The feature is not retroactive.

So what?

[Dr_Barnowl]

What, we don't think that Lync and everything else that offers a chat server in your own rack can't be configured to do this?

Hell, at my last office, they were feeding all our VoIP calls through this SIGINT app ; the only reason I found out was because I was copied in on ICT change reports for operational reasons and one of the changes was they moved the storage for the VoIP calls to another server.

Presume that you're being watched. You likely are, by someone.

Save Money

[rtb61]

Sounds like an interesting way to make employees pay for their own to be used during work hours and toss the company phone in a drawer. A very cunning way to save company mobile phone call costs and make the employees pay for them ;D.

Re:We need communism

Congratulations, Mrs. Brown! You taught your 6'4", 292lb. "baby" to ignore the law, and that it is OK to be a thief, and to physically attack anyone who is white - after all, "he got rights". You forgot to teach him that others have rights, too, including the right to self-defense. And you have now reaped what you have sown.

Avenge the taxpayers of America! Stop all welfare and handouts to scum who are too lazy to work! Down with the parasitical social programs that are a forced redistribution of wealth! Liberate the Black Slackers by stopping the unearned giveaways!

Maybe Charles Manson was right...

Chat is terrible hellscape

[Kethinov]

Internet chat is a terrible hellscape and it's saddened me for almost two decades.

Unlike email and the web, the dominant systems for instant messaging have been proprietary forever. Sure, XMPP exists, but nobody uses it. There was a chance when Google Talk was using it, but ever since Google stopped federating, that's basically fucked.

Now we're seeing the slow death of IRC too at the hands of better but more proprietary user experiences being offered by Skype and Slack.

And it's easy to see why too. The proprietary chat tools out there like Slack are absolutely incredible user experiences.

If IRC and XMPP are ever going to be competitive with the new proprietary guys in town, it needs to get competitive on the usability front.

If we ever want to reclaim our freedom, we have to find a way to make XMPP is as usable as WhatsApp and IRC is as usable as Slack.

I don't really know how to do that. I wish I did. But I think the internet would benefit massively from it. Imagine if there were 5 different competing proprietary protocols for email or webpages? That's the world we live in now for internet chat. It doesn't have to be this way.

Re:Chat is terrible hellscape

[SeaFox]

Sure, XMPP exists, but nobody uses it.

My employer does. It's the official office chat platform. The workstations come with Miranda on them and it's run from a network drive so your profile roams with you.

If IRC and XMPP are ever going to be competitive with the new proprietary guys in town, it needs to get competitive on the usability front.

Why must everything be a competition to gain share? IRC isn't going anywhere. The people using IRC now are using other chat clients along side it. Or they aren't. There's no reason XMPP or IRC can't continue to exist in their own little niches just because more people use Slack/Skype/$currenthypedmessagingprotocol. People still use newsgroups for crying out loud, and mailing lists, when web messaging boards give a better experience.

All these newfangled proprietary chat platforms mean to IRC users is something to distract Joe Sixpack and keep him from creating another Eternal September in their backyard. They don't give a flip if they're "winning" any imaginary war with Slack.

Re:Chat is terrible hellscape

[gozar]

Now we're seeing the slow death of IRC too at the hands of better but more proprietary user experiences being offered by Skype and Slack.

And it's easy to see why too. The proprietary chat tools out there like Slack are absolutely incredible user experiences.

If IRC and XMPP are ever going to be competitive with the new proprietary guys in town, it needs to get competitive on the usability front.

I think Slack is built on IRC, I use a bouncer and whatever IRC client I have handy to connect to our work Slack.

IRCCloud is putting a pretty face on IRC, if they would offer the Slack integrations they could be a real competitor.

Re:Chat is terrible hellscape

It matters, because every time I start a project with a few new people, it's a huge pain to get everyone on the same network, and that is even before any issues with needing to add each other as contacts, voice/video communication, file sharing. It's a giant hassle.

Low usage/market share can also be a problem, because if that gets below a certain point, then it can also affect the developer mind share and the amount of effort invested in developing the technology/protocol/applications so development of modern features and updates slows to a crawl. IRC is how old today? Yet the clients are still crappy, and rocket science is easier than trying to figure out how even some of the basic IRC features are used.

Re:Chat is terrible hellscape

[SeaFox]

It matters, because every time I start a project with a few new people, it's a huge pain to get everyone on the same network, and that is even before any issues with needing to add each other as contacts, voice/video communication, file sharing. It's a giant hassle.

If the platform you're using is hampering your work, and if XMPP has advantages over other platforms for your issues, you should be making the business case for this to whoever picked what you're using. If the other guys have something else they're using and they're resistant to change, then that sounds like a people issue, not a software issue. Wishing everyone had the same preference as you to make your life easier if futile. Depending on how often this comes up, maybe the person really using the "wrong" platform is you.

Low usage/market share can also be a problem, because if that gets below a certain point, then it can also affect the developer mind share and the amount of effort invested in developing the technology/protocol/applications so development of modern features and updates slows to a crawl. IRC is how old today? Yet the clients are still crappy, and rocket science is easier than trying to figure out how even some of the basic IRC features are used.

What do you want to change with IRC cleints? IRC is a text-command based service to start with, so it's never going to get "easy" for people to use, that's its nature. The closest you can do it add buttons/dialogs that generate every command you want for you. If you code, you can write that yourself.

shortsighted

[Gravis+Zero]

The company hopes to attract more businesses with the optional feature

they seemed to have forgotten the part where the employee has choose to use it. i wouldnt be surprised if they lose all their users in a month's time to a similar application that isn't spyware.

Re:shortsighted

HipChat's allowed company admins to view private message history for at least a year now. They don't seem to have vanished yet.

Re:shortsighted

[rebelwarlock]

Never heard of it.

Re:shortsighted

[jratcliffe]

Yeah, because employees totally stopped using email because employers can and do archive it and read it when/if they want to.

Re:shortsighted

Important note: As an admin, you CAN view other people's rooms (even if they're private rooms - i.e., multiple people in them), but not 1-to-1 chat. For that, you have to follow the same procedure as Slack has implemented - a company representative has to file a request, which the HipChat compliance team reviews, and they will then send you the chat logs.

Citation: I'm the hipchat "admin" for my engineering team, and we had to pull some chat logs.

Re:We need communism

[Zontar+The+Mindless]

Most Americans wouldn't recognise a welfare state if it walked up to them and and handed them its ID.

Re:We need communism

You are welcome to all the wealth that is purely the product of you or others who have voluntarily co-operated with you.

Of course, this does mean you are not allowed to own land. Or make use of any raw materials. So you won't have a house, you won't have food, and you won't be able to eat. But at least you'll be able to live without redistribution of wealth!

Hint: You don't have any rights to any property that aren't granted communally, under license. If you reject that license, you reject making use of anything like land or raw materials, as by doing so you would unfairly deprive others of its use, thereby violating your own "no forced redistribution of wealth" rule.

lol

[Charliemopps]

"They're going to 'allow' us? hahahaha!" said your network security guy while reading this story live from your browser via remote desktop while simultaneously capturing all of your http requests via packet capture at the firewall.

Re:lol

Slack runs over TLS. Hope you've installed your re-encrypting transparent proxy server correctly and got your root certificates up to date and installed on everybody's computers, phones and tablets.

Re:We need communism

You don't have any rights to any property that aren't granted communally, under license.

And the community has rights to the land because of what, exactly?

Is this one of those questions answered by: "Because fuck you!, that's why".

They are expanding to other markets...

[bhmit1]

... not exploiting existing ones, at least not intentionally. This is a requirement for places like financial firms that have to show there was no insider trading going on, so phone calls and messaging systems have to have full logs. Every other system is simply banned for compliance. So if Slack wants to be used in those companies, they have to have this capability.

Seems like a story of company expansion more than privacy being exploited, but of course, like others say, if it's not on your computer, don't assume that it's private.

Yeah

[Greyfox]

Your communications are being monitored at work. Never type anything into IM unless you have to, never log on to personal E-Mail from a work computer and for the love of God never log into your bank from there. And never log into work IM or Email from a personal computer.

Face to face chats

[Pec]

Thsi will push people to have more face to face chats, and only post online politically correct chats.

Maybe this is not so bad.

my 2 cents

Re:We need communism

[jeffmflanagan]

You wingnuts need to stick to your own hate sites. You just make an ass of yourself when you're not announcing your idiocy to like-minded dipshits.

I'd be upset if I were Patrick Volkerding

[HBI]

n/t

Re:I'd be upset if I were Patrick Volkerding

[ESD]

That's what I thought too, at first glance. Didn't know the other 'Slack' yet.

Re:We need communism

And the community has rights to the land because of what, exactly?

Is this one of those questions answered by: "Because fuck you!, that's why".

Whosoever can defend the land against others, has the right to said land. It sucks, but it is true.

"Oh, so if I want your land, all I need to do is kill you?"

You are welcome to try, but I suspect the community will do something about that. Maybe not before you manage to kill me, but definitely afterwards.

"...a new paid plan..."

Don't forget that the want to charge employers for the 'service.' My bet is it a monthly 'subscription,' as opposed to a one time purchase.

Traders fixing Libor, FX rates, etc?

[hughk]

There has been a lot of press about traders misbehaving. Normally all communications from the trading room is recorded: Voice and IM. The idea is that if some traders decide to cooperate to set a price that should be set by competition, it will become obvious later and the traders can be prosecuted. This has happened but it needs full logs. As for privacy, the usual rule is that you can make personal calls or messages but not at the trading desk.

You can already do this

[johncandale]

They can already read your email. Besides you shouldn't be discussing anything non-professional on work networks anyways. And if you are on a office computer they could read your notepad.txt if they wanted.