Slashdot Mirror
Stealth Software Used To Spy On Employees
Baraka writes "As if reading the e-mails of their employees wasn't enough, some corporations have gone as far as to install hidden software on their client boxes. The software secretly monitors all keyboard and app activity. At the end of the day, the gathered information is e-mailed to the "offending" employee's boss. Read it and weep, folks. Looks like Big Brother is alive and well in the officeplace. "
Since office work began, employers have monitored employee performance. Scrooge expected his minions to keep up the pace, or be kicked out the door. Time-motion studies decades ago were used to identify what levels of output the most efficient workers would be able to produce.
This is just a finer resolution of detail. Instead of measuring completed documents, they're measuring sub-units of the document.
It's annoying, but it's no different than previous measures of performance.
--
Don't like it? Respond with words, not karma.
Actually, in retrospect, this might be a ploy by the company to generate interest in its product. The more controversy surrounding this product, the more people who are informed about it -- kinda like Apple complaining about export policies in order to brag about how fast the G4 is.
Personally, I think monitoring is not a good idea. If an employee can double his/her productivity by taking short breaks to chat with friends online, then by all means that employee should do so. It should be painfully simple to discover when someone is making trouble online. At that point, convensional methods should suffice unless special surveilance is required. In general though, spying on employees betrays trust.
It seems American companies are willing to just about anything to spy and generally make life suck for there employees, but at the same time I keep hearing about how companies are scrambling to find people for there technical jobs.
If having to worry about finding another job is not a problem, why would anybody stay at a company when it starts spying on you, forbidding you to send private email etc etc? Is this just a matter of greed, because I know that as far as I am concerned some level of freedom at a job is worth a number of K $s.
Maybe I'm just not disillusioned enough yet...
-
Corporate LAN staff decided do an OS survey with port scans. Both of my machines reported the port scans to me. The LAN admins got an inquiry from me to confirm it was a legitimate scan, and as I realized what probably happened I offered to manually give them their survey info. They seemed slightly amused that they'd been noticed. They also didn't complain about the machines having security settings too good for their search...
This is why I use my own box at work. Well, ok, it's not really why, but it's one nice side-effect. Generally companies large enough to do this sort of thing have standardized on NT, and have nothing but point-and-drool admins who have no idea what to do with a Linux box. My workstation: I built it, I own it, I administer it, and it runs Linux. I trust my new employers though, so I don't think it'll be an issue. :-) They ran SMS at my last job-- funny story: When I first got there, they installed NT on my machine (of course it was going to get wiped and Linux-ed as soon as they left the room). I had to sit there and watch for 1/2 hour while they installed the system, set it up, created a user for me, blah blah blah. Finally at the end they set up SMS, and told me "I'm sure you know how to disable this, but please don't, because we need it to... yadda yadda yadda." I just nodded and smiled. Weirdly enough, although I was not allowed to disable SMS if I used NT, removing NT entirely was fine with everyone.
----
We all take pink lemonade for granted.
There is no K5 cabal.
I am not the real rusty.
actually there are some very simple ways to keep the process from being visible on the Task-Man. (forgive me I cant remember the API calls as of this moment)... However there are other programs available that will let you see 'invisible' tasks =)
fsck -t goldfish
Snooper software may catch who is surfing what sites, but is this good for business? Companies should IGNORE minor transgressions by employees, especially for employees in creative occupations (i.e., software design). To maintain a clear head and to stay creative, periodic breaks are needed. This may mean a quick game of Quake or Tetris, reading Slashdot, or netnews. So what if company resources are used for this? So long as the job gets done, let people enjoy their diversions. Cracking down on "unauthorized use" will not help the bottom line the way you may think. It will create an atmosphere of ph33r and paranoia that will actually end up hurting productivity than if you simply let things be. Can you work productively when someone's standing behind you staring over your shoulder constantly? Monitoring software is no different. So I say that as long as employees are getting their work done and not offending other employees (i.e., surfing porn where others can see it) ant not sucking up the company's whole T1 while engaging in brief periodic non-work activities from their private terminals and workstations, I say let 'em be. Happy workers are productive workers. No one wants to work for Big Brother. If my employer did this, I'd leave. Others would too. Of course, no company will explicitly say "Yes, you can surf pr0n, or play games on company time". Companies don't have to do this either. All companies need to do is evaluate employees on the results of what they produce. The means by which they do it are really a non-issue.
The best way in Win 9x to see what's running would be msconfig in the run box. If some are really brave they can take a look at the Registry and find the Run under the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run and any of the other ones in that general area that have Run in them.
Now as far as it being illegal for the company to do this. That depends on how you look at it. The network and machines are the company's property therefore they can dictate what can and can't be done on said network or computer. That's why I just bring in my own laptop and plug into the network they don't mind that since it's my own stuff I can break it all I want. As long as work is getting accomplished though I don't feel a company should monitor it's employees that heavily.
This kinda reminds me of a telemarketing job I had for AT&T. They could always tap into your line and hear both sides of the conversation that you were trying to sell. You always knew that you had to not lie to customers on the phone and be nice and agreeable. But if you knew that Call Quality was on the line you would be sure to do stuff extra correctly. So if you know that boss is watching you probably wouldn't do anything you're not supposed to.
Good is never enough, when you dream of being great!
Actually if they have the security set up correctly in NT, you cannot kill the process (User Level Security)...
-- john
It's about trust. If an employer doesn't trust me enough not monitor every little thing I do, why would I trust them not to abuse their power?
These types of managers are distrustful pointy-haired pinheads, looking for evidence to support their paranoia (paranoia brought on no doubt by the fear that their gross incompetance will be discovered).
By the time a company gets infiltrated by these types they're not worth working for anyhow.
Exactly when did employees monitoring their employee's activities become invasion of privacy? I could see the wrongdoing if the government was doing this to its citizens, but that's not the case. Companies own the product, they own the space, and as far as they're concerned you should be working on it. This isn't an issue of "Your Rights Online". Your rights in the workplace aren't the same as your rights in the workplace. Drug tests, mental screenings, and performance evaluations are all part of the game of corporate management.
There's paranoia and there's stupidity. The line is fine, but geez, you can still see it.
If you don't like the corporate policies, don't work for them. Either that, or get enough people to agree with you and form a union. In this country, workplace rights issues are usually hammered out by unions.
You can easily use RegisterServiceProcess to hide the process from the task list in 9x.
Also, many of these type of programs use a couple of tricks even then, for instance, they give themselves inoccent sounding names, and/or use shell hooks, which means the application's DLL is injected into other processes, no new processes created. A knowledgeable win32 developer can play a cat and mouse game to disable these applications, but the real issue should be with the employer, and why they feel the need for this. My employeer just runs a proxy to monitor what URL's I visit, and I think much more than that would be grounds to find a new job.
-- It is too late for the pebbles to vote, the avalanche has already started.
I'd quit.
Agreed!!
I've about had it up to here with these reports (not the reports themselves, but the content) that corp's seem to have it in their heads that since they paid for the equipment, they own it, and that by extension, since they pay for the employees, they own them as well.
A coworker of mine recently sent a clipping out of the employee handbook from where I work that basically says that corp security has every right to arbirarily search not only my computers (one of which I've paid for myself - let the lawyers figure that one out), but file cabinets, boxes, drawers, and - get this - backpacks, briefcases, etc.
I've been filing this kind of stuff under "Corporate Human-rights abuses". It reminds me of the same kind of nonsense one would expect from a facist government, not a modern corporation.
Where the value of X-Mailer: is the true measure of a man...
So, what were they using?
BO2K?
;)
At the company that I interned at this past summer, there was a policy to monitor the users. The funny thing was that only half the company was under this policy. The Business side of the company was quite strict (no changing the background, no outside applications, no games (even during breaks and the like), restricted/monitored web access). Many of the employees actually became less productive when they found out that they were possibly being monitored. They didn't like the idea at all. They were always just double checking that whatever they were doing "looked" right, even when they were doing something that was totally acceptable. But on the other side of the company, the Development side, there were no restrictions. This sometimes strained relations between the developers and the business people, because they felt that they should get the same rights to their computers as the developers. As this progressed, it just continued to go down hill, gossip was all over the place, and a couple of the people on the business side were talking about leaving.
It just seems to me that the loss of privacy jilts the employees. It just makes them feel like little children being watched over, and looked down upon. I know that there are cases where monitoring maybe necessary, but I think that it should be a restricted power, one that is agreed upon on a case by case basis by the management, and is only used when there is just cause to warrant it.
Just to note, the head of the IT department, was desperately trying to forge a plan to switch the whole company over to Linux. This company was very OSS/free software friendly.
Nope. I ssh/telnet into my home box, download the porn with lynx and view it with hexedit.
Look a nipple: "A1 14 23 42 B1 07"
What about office workers who are not ``technologically savvy''? Not everyone knows enough to look for and disable such a thing.
Ignoring that, there could be nevertheless hidden difficulties behind trying to stop something like this. And not all the difficulties are necessarily technological.
If the employer is running software like this one everyone's workstation as a matter of policy, then by disabling it, you are violating company policy. If you get caught trying to disable the software, you could be disciplined or fired. It would be trivial to design monitoring softwarethat cannot be simply turned off without detection. For example, the software could periodically respond to special pings from a central server. Hacking up software to fake the responses could be a major challenge depending on how the program is constructed. If there is some serious crypto authentication, it would have to be reverse engineered and faithfully reproduced in the impostor program. Most people would have to wait for some hacker group to release such an ``anti-big-brother'' impostor.
Another problem is, it would seem suspicious if nothing is being recorded by the monitoring program. You would have to arrange for your impostor program to provide some sensible looking activity record while you conduct personal business. Otherwise you would have to explain the idle periods---and what if the monitoring is being used to detect idle workers as well as ones who are using the equipment for personal use?
A third problem is that even though you stop keyboard monitoring, your employer can still snoop the network. Presumably, any interactions you have with the Internet go through the company's routers. The boss doesn't necessarily need a tedious record of your keystrokes; just some software that can monitor TCP streams and other data. By tapping TCP streams, it should be possible to recover telnet sessions, FTP transfers, ICQ or IRC chats, Usenet reads and posts, etc. This is kind of spying is probably a lot more useful than having some keystroke record. (Of course, one could use an encrypting proxy system, but that alone could draw suspicion.)
I don't think that there is any real technological protection against this. Any such measures treat the symptom rather than the disease anyway! You have to treat the disease. If you happen to fall into such a predicament, organize with other users who are in the same boat, and let the corporation know that you won't take the spying. In other words, the classic organized labor solution to the problem of worker oppression.
Failing that, terrorist tactics might work. The spying has to be implemented by another employee. Simply threaten to, in the parking lot, break the legs of anyone who supports the company's oppressive measures. Distribute an anonymous flyer which threatens to blow up the premises if the spying isn't put to an end by a certain date. Phone in bomb threats. Etc.
A company hires you to work for them. They have bought (or rather, rented) a product (your labor and skills) which they expect to pay the company back more than they spend on you. As such, they have a certain right (not to say obligation) to ensure that they're getting their money's worth. As I see it, this is perfectly OK, at least within certain bounds.
First, they should make their monitoring policies clear. Monitoring performance is one thing, but secret monitoring is something else. Employees should know what they may be subject to, so that, if they don't like it, they have the option of finding another job without those restrictions. Second, they should monitor only the amount, not the content, of personal communications. As the ACLU rep in the article said, listening in on a phone call to a spouse is illegal, and a similar principle should apply to computers. However, the company should be able to keep an eye on whether the employee is e-mailing their spouse once a day, or every 5 minutes. Thirdly, any information gathered about an employee should be purged when they leave the company, unless said information is to be used in a legal action against the employee. Once the person is no longer employed by them, their right to know anything about her ends.
There is a separate issue, which several posters have pointed out. Regrdless of whether such monitoring is immoral (and I don't think it is, within the above limits), it's just plain bad for business. Nobody wants to work in an environment where they are being monitored 9-5 every day, and the psychological effects of being in an environment like that could be enormous, not to mention the effects of being prevented from taking a break every so often. It is accepted wisdom (does anyone know of any statistics on this?) that people are more productive when they are in a work environment where they feel comfortable, and monitoring their e-mail and calling them in for a meeting with the manager every time they play solitaire is pretty much the opposite of that.
Moreover, using this system to routinely monitor employees is a waste of resources. Looking for embezzlers and such is worthwhile, but not routine, wide-scale moitoring. There are much better ways of measuring an employee than how she uses her computer. The monitoring system measures input- how much time is being spent on work. But an intelligent company will realize that they don't care about inputs. They care about outputs, which are usually easy to measure by more conventional means (how much work the employee is actually getting done). The genius programmer who takes minesweeper breaks every hour, but pours out code at a spectacular rate, is worth more to a company (at least, to a smart company) than a dull, uninspired one who produces less, but faithfully spends all his time in the office doing work (at least, as far as his computer can tell).
"Never let your sense of morals prevent you from doing what is right" -Salvor Hardin
Likely this wouldn't work for company monitoring (they'd call you up and tell you to cut it out) but as a defense against unwanted/illegal monitoring software, how feasable would this be?
----
We all take pink lemonade for granted.
There is no K5 cabal.
I am not the real rusty.
These guys really push my buttons....
Look, if the company owns the network, and the hardware, etc.... that's fine, they get to say what happens on them. Do work at work, yes I agree.
BUT! These are the same companies that DEMAND 60+ hour work weeks! If they're so anal as to demand complete control over everything their employees do, then they can pay for every stinking hour that the employee is there. Don't pay more than 40 hours? Then watch your employees walk out the door at 5 each and every single day. Got a deadline? TOO DAMN BAD. We all have to go home and live our lives -- since we sure aren't allowed to do anything personal at the office... right?
-- "No Vir, the Universe is an evil place, but at least it seems to have a sense of humor about the whole thing." -- Lo
There's am old saying in law enforcement. "Where one man can go, another man can go". If the crooks get motorcycles, the cops get motorcycles. If the DEA gets high resolution radar, the drug dealers get the same. Everyone gets so uptight about cracking and monitoring of computer networks, but this is the same thing. If someone puts a monitor on my box, I put a blocker on the monitor, and so on ad infinitum. In the end its about trust. If you have to work with someone you can't trust, you need to protect yourself. If you can't trust anyone you work with, you should do some serious thinking about why that is.
People's workplace should be a non-threatening environment. If workers feel like they are being constantly watched, it doesn't create a conducive environment for productivity.
I am a network administrator for a small-ish company. While I agree that breaks are needed to keep moral at a good level, and that breaks from stress increase productivity.
The question is this: how can I decide, as an Admin, the defining line between an employee wasting company time and taking a much deserved break? It's impossible to set a standard for all employees company-wide. Different people handle stress differently, different job expectations cause different amounts of stress. Yes, I can draw the line and say "You are not permitted to look at pornographic material which at work." But I don't feel it's within my rights to tell an employee that they aren't allowed to use, for example, ICQ while at work.
Employees must simply take it upon themselves to see that software like this isn't necessary. Don't abuse the freedom that an employer grants. I'm not saying you can't play a game of solitaire. I'm saying that you shouldn't play solitaire for 2 hours a day. Moderation. When an employer receives the perception that there is an abuse occuring, that's when software like this seems like a viable solution. Don't give them that opportunity. And if your employer decides to implement this software without provocation, then quit. If you aren't abusing the freedom you are granted, take your talent and abilities elsewhere. Chances are, that employer doesn't deserve you anyway.
Therefore, as long as the software is being used in a *controlled* manner, and only for very limited periods of time, on people who are suspected of wrongdoing, I could agree with it's usage. I'd rather be proven innocent by being monitored, then automatically assumed guilty!
I have had very little problem with issues like these working for small companies, those with about 100 employees or less. There are exceptions, but you can work around them, so to speak. Most small companies don't need such *BS* because they can quickly tell if someone isn't doing their job -- everyone is important and it gets noticed when someone slacks. People know each other fairly well and generally try not to offend each other. It's not a cold impersonal environment.
Corporations, especially the large ones, have indeed made pyschological screening, insurance redlining, credit checks, drug-testing, and lack of privacy the industry standards they are today. The scariest part is that they have great influence over lawmakers and unless we fight it, choice may vanish completely no matter who you work for.
The phone company owns the networks I communicate over, and it even used to own the handset in everyone's home. People *still* have an expectation of privacy in phone conversations, and have been legally upheld in this expectation. Its not the ownership per se, but the explicit signed agreement on terms of use that should dictate whether an employer can snoop or not. If I see such a clause in my contract I'll ask it to be struck, or keep looking, just as I do with drug testing clauses. Their power extends exactly as far as what we will put up with. Too much in my view.
However, too many people forget that legality is not the same thing as morality. I dare say, that as a fellow Libertarian, you, more than others, should recognize that. It is because of the failure of most people to draw that distinction that we have the level of over-legislation that we see today.
So, while the employer is almost certainly within his/her legal rights (at least in the US; I don't know for sure about in other countries), to do so as a manner of course would be highly unethical.
As some others have said, however, if this is used only in the presence of preexisting suspicion, I don't see such an ethical problem. I suspect that the temptation to use it in other cases is too great, however, to be able to realistically limit it to only ethical use. Better to just avoid it all together, if you are an ethical employer.
--
Interested in XFMail? New XFMail home page
Would you be so against this if you could monitor what your boss is doing? And why shouldn't you be, because your boss doesn't own the equipment anymore than you do. You are both employees of the same company, and you both have a stake in making sure it remains profitable.
Ultimately the shareholders own the equipment. So, why don't the shareholders monitor everybody, including the executives? Wouldn't an executive wasting time cost a lot more than a lowely employee? Is this is about making sure resources aren't wasted, or more about keeping people "in line"?
The people saying that, while on corporate property, on corporate time, using corporate equipment, one must play by the corporate rules are basically correct. But the people saying that this is (or has the potential to be) a major violation of personal privacy also have their points.
So what's the deal?
The deal is, I think this is a tool which can be appropriate in a few limited situations with appropriate forethought and control. But I don't trust the teeming masses of management to apply it that way, and I expect it will be used as a sledge hammer.
What are some appropriate uses? Look to the original article, expand on their examples, and qualify the usage. Like it or not, a lot of companies have some very important data and information-- sales databases, customer databases, source codes, proprietary technologies, even something as simple as employee salaries-- that they don't want tranferred out of the company.
It gets worse when you start thinking about government or defense-related companies, where concerns change from corporate security to the national security information of a nation.
Additionally, companies can get into serious troubles if their equipment is used maliciously or illegally, even if they had no idea what was happening, and did not sanction it. Consider a corporate machine being used to distribute or download illegally cracked game software. Now consider a firm in the United States working on a government contract, where an idiot employee does this. The company is now in serious trouble if this comes to light.
Some of these things are going to be easy to detect, others, very difficult. And it is hard to tell a corporate security dude that he has no right to police his own equipment.
However, I can't see any real reason to start subjecting all employees to this form of scrutiny. This, I think, should be reserved for the situations when there is already an indication that "something is up," and then used to clinch the case.
Issue of productivity are, of course, either red-herrings or plain old misconceptions. There are time honored ways to waste time at work that have nothing to do with computers-- reading a newspaper, lounging, excessive coffee-breaks or chats with co-workers, and just plain old malingering will always be with us. Any supervisor who would need to rely on this sort of ham-fisted, intrusive foolishness should himself be fired for incompetence. A good supervisor relies on non-automated metrics of productivity, not automated metrics of diversionary activities.
What this would resolve down to is a reason to fire someone. Dilbert manages to embarass the Pointy-Haired Boss too many times? Well, PHB downloads Dilbert's electronic records, discovers that he e-mails his mother once a week, and terminates him for mis-use of equipment. If it weren't, it would be someone else.
So, it's a trade-off: Is it really worth annoying your workers by making the assumption that they are all crooks, criminals, spies, and professional malingerers, just to catch the 1.5 percent that are?
I doubt it.
Then I think about workplaced that don't and will most likely never have this, and again, I nod in believing the truth of it (again, news and word of mouth).
Maybe the difference between the workplaces where something like this will most likely be implemented, and were it won't, depends on the computer-savvy of the employees at the place. I think about places that are most likely never to implement this, and I think of game programming shops, web shops, unix shops, etc.. basically where unless you are the boss' son, you've got your job because of your computer savvy. At those places, from what I've been told, they are relaxed, might be on IRC, might be ICQing, may send out 50 emails a day.. yet still get out the product on time. Maybe because they know how to juggle their computer time wisely (I know that when I'm not busy with research stuff at home, I can chat in 2 or 3 irc windows and still get web or java programming done). Which suggests that any job that requires compilation might lead into this :-)
On the other hand, an office full of suit & tie bankers or accountants, that think the paper clip in Word is cool, might end up wasting hours on IRC or ICQ because they don't know computers and aren't efficient in doing something else while they wait for their friends to respond to mail (I've seen someone do this at my workplace. Type a message, sip coffee.. wait wait wait... message comes in...type a reply, and sip sip sip... an hour later, he gets back to work. Oy!)
AGain, a lot of whether your workplace is computer savvy or not.
However, I still stand by the point that if it's during the 8hr day that you're paid to be doing and on company property with company computer and a company-funded internet connection, the company has every right to watch what you are doing. They're stupid if they go Big Brother on the workplace, but they have that right to do that. And you have every right to find someplace that doesn't do that.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
I used to work at one of the 'Dilbert top 5' companies, they rolled out some snooping software in the guise of 'Asset Control' It tracked your machine's configuration. They did have a problem with theft even at this High-tech place with a LOT of highly paid engineers. So this program would report back every day what your hardware config was. Well, then soon after we had to report all the software on the machines, BillG must not have been getting his cut.. So then the software started checking for all your executables. You'd get dinged if you had anything other than the 'Official' programs on your machine. Try telling the software police, I WROTE that program, It's my code!! They'd look at you like you're some sort of subversive... Hmmm writes his own code, better keep an eye on this one...
Then they started getting usage-based licenses, this required tracking also, the tracking program started running 100% of the time logging everything used on your system. It was a great tool to get rid of people, hmm, you're only using MSword 2 hours a day, you're not productive...
I guess it didnt check how much time was spent in rebooting. If you disabled it, the manager of IS came around and had a talk with your manager about you disabling corporate asset tracking software, bad news..
The only place that was safe was the lab, I took to hiding out in there with my un-monitored Sun and what the sysadmins called a 'Rogue' NT network. A friend who is still there has a Linux machine, they dont mess with him too much, but I'm sure the monitering software company is working on a Linux version.
They had the idea that if you work for them, they do own you, they had drug tests and phone logs and all that. I got fed up and left to do contract work, for them sometimes. Things there have gone downhill, control-wise. They do work that requires creativity under this evironment. They've phased in NT corp-wide not because it's better, but because they can control the desktops better. It keeps a level of fear that stops any sort of dissent, if you dont like things, dont complain becuse they have something on you, and could always trot it out and fire you. A complete list of URLs is kept for every user, if you are a good boy, no-one says anything, if you are on the 'list' be prepared to defend every URL you ever visit.
It's no surprise they are currently floundering internally despite having some new products out. This stuff started a few years ago, it takes time for a big corp to rot out it's insides until the outside world can see it, remember IBM?
It's the corporate culture of control that kills creativity and runs off your best people, when I see the top folks leaving, it's time to get out.
I'm talking about the people who are 'good' , everyone knows who they are, with the exception of PHBs and other weasel-types. They are the folks who really make things work. They dont have to put up with any crap. At the first sign the best jump, then as the BS rises, more leave and your dont ever see them replaced, sure, warm bodies may occupy thier old cubes, but things dont get done.
(been there, done that, got the hell out...)
Living well is the best revenge...
Starman97@Gmail.com (bring it on spammers)
You make an excellent point about the danger of monitoring re insider stock information. I think the same argument could be made for medical privacy in a hospital, credit privacy at a credit company, or confidentiality of sources at a newspaper. Any company or government agency that claims to protect anyone's privacy has issues if they monitor their employees.
In the context of current law though, I don't have an answer to this. If an employee engages in illegal activity thru company equipment then seizure for evidence is a possibility. Also harrasment suits from employees offended by other's tastes. To prevent that the company must become their own police force to catch criminals and harrassers before the real police or courts can.
The question is whether the loss of employment and productivity due to the surveillance outweighs the risk to the company. For a small company this argument is more convincing, chances of criminal employees are not very significant, and harrassers are usually pretty well known as such fairly quickly. For a large corporation the equation isn't nearly so clear, they are almost gauranteed to see abuses. I still think zero tolerance for any discovered abuses plus insurance for liability might be a better route for them, especially given your arguments about liability due to additional people seeing critical information.
I'm writing this from work, on company time. I'm playing devil's advocate, but... Let's consider this for a minute from the point of view of the employer.
/. just because one person stays on it all day? Should all web access be cut off because one person has a thing for kiddie-porn? Should all employees have to live within restrictive disk-quota policies because someone is running a rogue web business off of the company server?
- It is simply too much work to monitor all employee's 'break' habints individually.
- Many employees (ab)use work resources for their entertainment or personal gain.
- All employees are paid for a certain number of hours of WORK in a day.
When I work, I am paid for my 8 hours, plus OT as needed. I expect to be paid for that amount of time, so why should the employer not expect to get that much work out of me?? It's only fair, equal work for equal pay and all that. In this, the employer is simply protecting itself from exploitation by workers. (the degree of 'break' is at issue though)
Monitoring individuals is a resource black hole. It can not be done effectively without devoting a significant staff and resources. An automated monitoring system serves to gather statistical data about employee work and break habits, so that these statistics can be used to reduce privilige to 'acceptable' levels. What counts here is a conscientious and sensible HR/IT regulator that defines what 'acceptable' is. And hey, if we feel that our surfing during work hours is reasonable - and we expect out employer to trust us, why should we not trust that regulator to NOT be a slave-driver? If the average stats show a reasonable non-work usage, fine.
If certain individuals skew the stats, they are singled out. Isn't that fair? Would we want to lose all access to
Monitoring helps the company protect itself legally from those few employees who abuse and expose the company by engaging in questionable or unprofessional behavior on company time.
Monitoring helps the company protect itself from widespread abuse, by allowing the tailoring of 'freedom' to within acceptable levels.
We have to remember that while we are being paid for our time, we are renting ourselves to the company. Our employment agreement states that we are there, working, for 8 hours per day. If we are not, then we should not be getting paid for that much time. If we are, then we are violating the terms of our rental agreement.
We are the ones exploiting the employer, not vice-versa.
-- What you do today will cost you a day of your life.