
"I always feel like somebody's watching me"...

Do you ever feel like someone is watching you, waiting for you to make a mistake?  Well, if you're part of one of the 41 percent of the largest U.S. companies that monitor their employees' email on a regular basis, you might not be so crazy after all.

A surprising new survey illustrates the increasing loss of privacy on the internet, particularly in public locations.  The company that published the study, Proofpoint, states that the cause of this privacy loss is not entirely malicious.  Companies have become fearful of information leaks over email, blogs, message boards, media sharing sites and mobile devices.  Over 44 percent of companies admitted to performing investigations into leaks this year.

Companies are responding by increasing employee monitoring.  Of the companies with over 20,000 employees, approximately 41 percent were found to monitor outbound email.  Of the large companies, approximately 22 percent hired employees chiefly for the purpose of monitoring other employees' email.

Aside from email leaks, 40 percent of companies reported investigating email violations of privacy or data protection regulations.  The results of these investigations: 26 percent of all companies surveyed report terminating an employee within the last year for an email policy violation.  Further, 23 percent of companies responded that their business had been impacted by the release of sensitive or embarrassing materials from within the company.  Of the largest companies, 34 percent report that their employee email was subpoenaed within the last year.

Companies aren’t just worrying about and watching employees' email communications, either.  Of all the companies surveyed, a surprising 27 percent reported that they lost confidential information through lost or stolen mobile devices within the last year.  In the past year 11 percent of companies reported disciplining employees for blogs or message boards.  In addition, 13 percent report punishing employees for inappropriate use of social networking sites and 14 percent report punishing employees for using media sharing sites.

Blogs are also under investigation these days.  Of the companies surveyed, 14 percent report investigating the release of material financial information (such as unannounced financial results) on blogs and message boards.

The unfortunate side effect of this trend is that it’s hard to tell companies that are merely watching out for their own interests from companies that are looking to snoop inappropriately in employees' personal lives.  The trend surely will leave many employees feeling a bit violated.

However, even those employees that are not subject to corporate monitoring may fall under the scope of increased government monitoring programs in the U.S. and abroad.  The UK government recently announced plans to try to collect its citizens' email, web, and phone history.  Web monitoring efforts here in the U.S. are also widely known.  People are having to face the somewhat unpleasant reality that their private lives online are becoming less and less private.



Comments

Violated?
By Kenenniah on 5/22/2008 1:56:28 PM , Rating: 5
quote:
The unfortunate side effect of this trend is that it’s hard to tell companies that are merely watching out for their own interests from companies that are looking to snoop inappropriately in employees' personal lives. The trend surely will leave many employees feeling a bit violated.


If people are sending personal email using company equipment on the company network and through company servers, how can they feel violated if the company reads those emails? First, most businesses tell employees beforehand that any email at work is not private and may be monitored. Second, common sense should tell you that when using their equipment they have every right to monitor what you use it for. If you want privacy on your emails (at least from your employer) do it on your own time with your own equipment.

I'm sorry but I get tired of people trying to make it sound bad when corporations monitor email at work or control internet access. People are getting paid to do a job, not waste time writing personal email anyway. A company has every right to protect and manage what goes on on its network.




RE: Violated?
By JasonMick (blog) on 5/22/2008 1:59:09 PM , Rating: 5
Common sense and people's expectations in life you'll often find are two disparate entities...


RE: Violated?
By Kenenniah on 5/22/2008 2:26:22 PM , Rating: 5
True enough.

It's like when I had to investigate a user for sexual harassment and found a ton of proof in his email history. When confronted with the evidence in the meeting where we fired him he couldn't believe we violated his privacy and looked through his work email.

Or another user that tried suing us after she was fired for averaging over 160 outbound personal emails a day. Figure that an average work day is roughly 8 hours, so 480 minutes. Then figure a very generous 1 minute per email and do the math. She had even been warned 3 times to cut back on personal email and do more work.

It's not like we actually read every email, but when we get a complaint, or see an abnormal sending pattern we take a look into it.

I could go on and on and it's sad really. I would love to just be able to trust employees and give them full access to things and not have to monitor anything. Unfortunately there are more than enough employees that ruin it for the rest of them.


RE: Violated?
By TomZ on 5/22/2008 2:33:07 PM , Rating: 4
I don't really see this as a tech problem. For example, would an employee have an expectation that a desk or locker might be searched by the employer? Probably so. So then why would people expect that something they do on company time using company computers and networks would ever be any different?

In my experience, I think most employees "get it," but there are still some slow learners out there.


RE: Violated?
By Adonlude on 5/22/2008 3:51:29 PM , Rating: 3
Sure I have that expectation but if my employer actually started searching my bags and locker I would be pissed. That would be an accusation or at minimum a sign that I am not trusted. That is not something a company should be subjecting their employees to if the company cares about having dedicated, loyal employees that are part of the "family".


RE: Violated?
By Mitch101 on 5/22/2008 4:45:52 PM , Rating: 2
If the company issued you those bags for business purposes then yes they could, and it should not be seen by the employee issued those bags as a violation.

Company provides computers for work related reasons not so you can buy stuff on e-bay and get soccer schedules.


RE: Violated?
By Polynikes on 5/22/2008 6:02:07 PM , Rating: 4
I don't think they should search through that stuff unless they have reason to believe you've been doing something wrong. When they just do it randomly it's insulting.


RE: Violated?
By Mitch101 on 5/23/2008 12:35:41 AM , Rating: 2
I agree. Consider ourselves lucky a few places I am hearing have a ban on cell phones. Not just because of cameras but because of being able to listen in on meetings or other corporate conversations.


RE: Violated?
By kattanna on 5/22/2008 2:48:38 PM , Rating: 2
quote:
It's not like we actually read every email, but when we get a complaint, or see an abnormal sending pattern we take a look into it.


Too true. I have some people here who ask me from time to time if I monitor them and I always tell them that I have more important things to do than watch what you're doing.. but don't change that equation....


RE: Violated?
By Mitch101 on 5/22/2008 5:01:06 PM , Rating: 5
Same here we are under law/compliance to archive e-mail for a specific number of years. Many companies I have worked for must do this. (Financial and Pharma mainly)

To make this simple, I see people's resumes, pr0n, conversations, burnout videos, etc. all the time. You can rename them unusual ways and even compress them with passwords but I still see them and can get to them. Yes, even encrypted and even embedded in photos. I can even get them back if you hard delete them and even if they were in your PST files. The level of recovery is dependent upon how much money you're willing to spend to get that data back. Most solutions today are actually archived before you ever receive the message in your Inbox or the moment you typed it on your PC. I have recovered messages in temp form before they ever hit send. We will even dig into your internet history and find what websites you get to e-mail that are not blocked.

Take it from a guy who has been involved in billion dollar lawsuits. Don't ever put anything you don't want to be read by someone else in e-mail, instant message, any electronic form whatsoever.

While we're on the subject, Intel having trouble locating e-mail is laughable. The fine for lost e-mail is most probably less than that of incriminating evidence which supports a conspiracy with names associated with it.


RE: Violated?
By bertomatic on 5/22/2008 2:12:52 PM , Rating: 2
Agreed. The owner of the equipment and data have every right to monitor and protect that data. As a sysadmin, I am surprised over and over at how "regular" employees use company equipment for personal use. "Keep it at home, people".


RE: Violated?
By Kenenniah on 5/22/2008 2:32:59 PM , Rating: 2
Nothing more exciting than swapping digital cameras out for an employee only to find he left pretty pictures of his anatomy on the memory card of the old one.


RE: Violated?
By MrBlastman on 5/22/2008 3:05:13 PM , Rating: 3
Or how about being a sysadmin and finding out that one of the most important employees in the company is a chronic porn surfer?

Do you shake his hand ever again knowing what goes on at work? Does the CEO do anything about it?

It is a double edged sword - for some people, they are immune to it where others get busted.

If you don't think it should be at work, don't do it at work.


RE: Violated?
By Mitch101 on 5/22/2008 5:23:48 PM , Rating: 4
Managers are the best for pr0n and jokes. A good manager provides up to date new jokes worthy of reading.

Helpdesk is the worst for resumes and burnout videos and thinking they know ways around the system. LOL. A+ certified no more like D minus at most.

Accounting and HR for soccer mom schedules and extra curricular activities outside the office. Gossip too. The funny part here is Accounting and HR will open tickets for not receiving kids photos or soccer schedules or e-mail from their husbands.

Security funny enough they receive the most netflix e-mail. Should you be securing the place or watching movies?

Most of the time if you do get called to check on something its because someone forwarded the wrong joke or adult content to the wrong person or someone saw it over their shoulder.

My favorite ones to deal with are the people who receive a spoofed message from a yahoo/road runner account thinking they won a contest from the company you work for and you match the IP addresses to their local subnet.

A manager once moved his porn accidentally to a public folder.

Other things that come to mind.
Girls with ex boyfriends who start websites with their pictures on them. Ex wife/husband fights. Someone sending threats to people outside the company from someone else's computer left unlocked. VIRUSES from people who connect to external mail systems and open the attachments then try to deny and lie about it. Sadly the Viruses from external mail sources is someone from helpdesk 30% of the time. Again D Minus certified.

Every e-mail system should block AOL entirely because its just chain letters, jokes, virus warnings you heard 10 years ago that they just heard for the very first time. Budweiser frogs? Bill Gates sending you money if you forward this to 10 people?

In every company there is that one guy who must forward you every piece of spam he ever receives in his inbox. Even though you tell him to just delete it and move on, he never does this. At this point the e-mail team adds his name to spam just because.

A new thing I started seeing is spam with an IPV4 but last octet being IPV6. Example 192.168.2.354 I haven't tried this yet but its a pretty cool idea.


RE: Violated?
By phattyboombatty on 5/22/2008 3:55:01 PM , Rating: 2
quote:
The owner of the equipment and data have every right to monitor and protect that data.


Try using that same argument to secretly record phone calls. Even though your employee is using your phone, your phone server, and your phone lines, you're probably committing a federal and/or state crime by recording that call.


RE: Violated?
By Kenenniah on 5/22/2008 5:11:19 PM , Rating: 2
Tell that to every customer service center. I'm guessing you've never heard the disclaimer telling you that this call may be monitored etc.? All you have to do is let people know their calls may be monitored and there is no legal issue. Just about every large company that I know of has policies that employees sign to work there. Phone calls are also different, since in order to record the call you are recording what's being said on a different public or private network. To read an email, you don't have to touch on any other network. You are just reading text already stored on a hard drive in your server or your employee's computer.


RE: Violated?
By phattyboombatty on 5/22/2008 6:04:56 PM , Rating: 2
I hope you're not running a legal department anywhere. The customer service centers you mentioned get consent by informing the caller the call may be monitored. Thus, all parties to the call are aware of the recording and its ok. How does telling your employee that their call may be monitored inform the private party on the other end of the call that the call is being recorded?

Your example with email regarding public vs. private network only works for intra-office emails. Every outgoing and incoming email from outside your private network has to travel across public lines, and is analogous to the phone example. I'm not saying that recording emails is illegal. I'm just saying that the argument that "this is my property, I can do what I want with it" doesn't always fly.


RE: Violated?
By Kenenniah on 5/22/2008 8:54:14 PM , Rating: 3
Federal and most state laws (with the exception of 12 states) only require one party of a phone call to be aware of the recording. So it all depends on where the calls are taking place (and yes the strictest law stands). So for a call from Iowa to Kansas, only one party is required, but from Iowa to California all parties are required to be notified, so we are both correct depending.
http://www.rcfp.org/taping/

For the networks, there's a difference between passing through other networks, and actively recording information. With recording phone calls, you have to record both ends, so you are in effect streaming information from an outside network and recording it. With an email, the data has been completely sent to your equipment. It may have gone through other networks to get there, but you don't have to access or touch those networks to get the information. Every bit of it at the time you read it is located on your own private segment. I can disconnect my computer from the internet and still read an email. I can't disconnect from a phone line and still record a conversation. I'll grant you it's a very very subtle difference and I have no idea if it really matters or not :P

One way to look at it is that an email is more like the recording of the phone call. It's already been recorded, it was just sent to your servers. So to compare more directly, it would be like someone recorded their end of a phone conversation, and transferred the wave file to your company's servers.


RE: Violated?
By phattyboombatty on 5/22/2008 3:32:40 PM , Rating: 2
quote:
If people are sending personal email using company equipment on the company network and through company servers, how can they feel violated if the company reads those emails?


You mean, if people are using the company's toilet in the company's restroom on the company's plumbing and sewer system, how can they feel violated if the company videotapes them doing it.


RE: Violated?
By Kenenniah on 5/22/2008 5:24:15 PM , Rating: 2
Are you actually comparing monitoring email to taping people using the restrooms? There's a huge difference between invading one's personal space (videotaping them undressed) and reading an email they chose to put on your server. There is a reasonable expectation of privacy while using the bathroom, but bits of data they knowingly give to you?

No, monitoring email is more like videotaping a naked employee because they were dumb enough to get undressed at a security entrance where they know a camera is recording.


RE: Violated?
By phattyboombatty on 5/22/2008 6:21:37 PM , Rating: 3
quote:
Are you actually comparing monitoring email to taping people using the restrooms?

I was countering your argument that an employee is entitled to no privacy if they are using company property.
quote:
There's a huge difference between invading one's personal space

Many people would consider their personal space to include their private email messages.
quote:
and reading an email they chose to put on your server.

Most people don't consider the act of sending an email to another person as "putting an email on your server." I could just as easily say "that employee chose to place their urine in the company's toilet and I was entitled to watch it as the company's representative."
quote:
There is a reasonable expectation of privacy while using the bathroom

Bingo. Now you're actually getting to the real argument. It's not whether or not the property belongs to the company, it's whether a person has a reasonable expectation of privacy in their interactions with that property.
quote:
but bits of data they knowingly give to you?

Again, most people sending emails wouldn't characterize it as giving bits of data to the IT guy down the hall. They believe they are sending the message to the person in the "To:" field. Just because a company has the physical capability to view an email message, does not mean the email sender is giving that message to the company.

You touched on the key argument briefly, which is whether an employee has an expectation of privacy. The answer is probably no, if the company discloses to the employee at the beginning of their employment that the company monitors all emails.


RE: Violated?
By Nfarce on 5/22/2008 8:20:40 PM , Rating: 1
Comparing taking a dump on a company toilet to sending personal emails on a company PC are two entirely different things. One is a bodily function that MUST be done as a human being. The other is a non-WORK related activity. Anyone who would even think about comparing the two is an idiot. Do you think corporate dress codes are a violation of your privacy too?

That's about the attitude I expect of today's youth who feel they are entitled to everything, INCLUDING a job. (Newsflash: that job belongs to the company, not you, sport).


RE: Violated?
By mindless1 on 5/22/2008 9:05:07 PM , Rating: 2
News flash - that job doesn't "belong" to the company, a job is an agreement between TWO parties.

Yes, "today's youth" are entitled to everything including a job and what they can afford from their wages, they are free to do whatever they like (inside the law, else suffer the consequences) and have equal power as their employer. A workplace is not a prison camp, if an employer wants to be overly controlling they will find they have to either pay the employee enough to accept that or the employee will choose to leave.

The flip side of your mistaken idea is that employers feel they are entitled to make policies not necessary for the operation of their business. Walking onto someone's property does not make you become their property, there is never control of another human being in a free society, only an agreement with terms that both parties have to adhere to.


RE: Violated?
By Kenenniah on 5/22/2008 9:18:30 PM , Rating: 2
In a way we are kind of arguing different points. To put it more simply, the way I look at it is this.
What it boils down to in my opinion, is whether an employee has a right to use company computers for personal reasons. Since the company is paying for the computers etc., and providing them to the employee with a specific purpose (doing work), I argue that they don't have an inherent right for personal use. If they don't have the right for personal use, then how can they have a right to personal privacy on those machines?

In the bathroom scenario, the restrooms are provided for very specific purposes, which inherently include privacy for bodily functions. After all, that is one of the primary reasons bathrooms are provided. Even then, if for example there was reason to believe drug deals were being conducted in the restrooms, the company would find some way to investigate. Not cameras over the toilets for obvious reasons, but they'd find some other method.

In a general sense, using company equipment for personal use is stealing. While we don't care if an employee prints off a recipe once in a while for example, it's entirely another matter if they are constantly printing out 500 page books. In effect they are stealing paper, ink/toner, printer wear and maintenance costs, productivity, and time from the company.

Even the IRS makes a distinction between business and personal use of company assets. I have to pay income taxes based on how much I use my company car for personal driving. One could argue that personal use of computer computers etc. should fall into the same category.

One other aspect often not mentioned, is that when using a work email account, the company's name is on every outgoing email sent. When sending that email, the employee is acting as a representative of the company, and the company can be held liable under some circumstances for what that employee does with his email and internet access.

I do agree with your general sentiment however. I believe companies need to draw lines and be careful with their policies. On the one hand you want to protect your company interests, but you do have to take employee morale into account. You don't want them feeling oppressed and thinking the company is watching their every little move. It's all about finding a balance. After all, happy employees are good from a caring AND business standpoint.


RE: Violated?
By teckytech9 on 5/23/2008 1:31:31 AM , Rating: 2
quote:
It's all about finding a balance.

The balance can be argued to the ownership of all employee emails, and for all generated emails for any company in question. This can be a sensitive issue since authority of ownership often lies with the CEO, CIO, or other company executives.

Companies as individual entities tend to keep most of their matters such as company perks, bonuses and stock options private. What is interesting in the whole process is that emails taken as a record of communications, can be deleted "at will" as well as the personnel contracts of its employees. Most employees enjoy company perks, especially "milking the cow" while it's still there.


RE: Violated?
By Shida on 5/25/2008 9:35:45 AM , Rating: 2
Very true. But just saying: what if they start going beyond monitoring through their company equipment and start, going oh I don't know, Orwellian?

It's 1984 man....and it's gonna be a looooong year...


RE: Violated?
By Shida on 5/25/2008 9:36:52 AM , Rating: 2
Very true. But just saying: what if they start going beyond monitoring through their company equipment and start going, oh I don't know, Orwellian?

It's 1984 man....and it's gonna be a looooong year...


Copyright 2014 DailyTech LLC.