×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

When Big Brother Watches IT

samzenpus posted about 2 years ago | from the cc-me dept.

Businesses 234

bdking writes "In an effort to protect sensitive data from internal security threats, some organizations are 'using new technology to look at the language of their IT staff's emails to determine whether their behavior or mind-set has changed,' the Wall Street Journal reports. Is secretly spying on and linguistically interpreting employee emails going too far in the name of security? From the article: 'I understand the need to be aware of the attitudes of workers with high-level access to data and networks, but this strikes me as creepy. What if an IT employee suddenly has relationship problems or family issues? Will they then be flagged by HR as potentially troublesome or even a data security risk? And all without them even knowing there's a dossier being created of them and their "suspect" behavior?'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

234 comments

Prevention cheaper (5, Informative)

Tablizer (95088) | about 2 years ago | (#39695291)

Wouldn't it just be cheaper to not treat workers like shit?

Re:Prevention cheaper (5, Funny)

Anonymous Coward | about 2 years ago | (#39695301)

Wouldn't it just be cheaper to not treat workers like shit?

This one's going on the list.

Re:Prevention cheaper (2, Insightful)

durrr (1316311) | about 2 years ago | (#39695609)

If us bosses don't monitor the minions, how then should we know when they're onto our kickback schemes and other fraudulent privileges they are not entitled to know of us having?

Re:Prevention cheaper (0)

Anonymous Coward | about 2 years ago | (#39695969)

See, whenever one of our droids malfunctions, we just "fire" them into the trash heap. Problem solved.

Re:Prevention cheaper (4, Insightful)

Deekin_Scalesinger (755062) | about 2 years ago | (#39696191)

Why is any IT employee in their right minds sending our personal communications from their work computer? Come on - that's like common sense 101 stuff there, or at least, take some precautions...VPN, GPG, smartphone...

Re:Prevention cheaper (0)

Anonymous Coward | about 2 years ago | (#39695327)

No - you'd have to pay them more which means less $ for those at the top.

Re:Prevention cheaper (4, Funny)

JosephTX (2521572) | about 2 years ago | (#39695359)

you're confusing those types of bosses with people who see you as something more than an exchangeable cash cow.

Re:Prevention cheaper (4, Informative)

alexander_686 (957440) | about 2 years ago | (#39695531)

It’s one of odd things – how do you monitor employees without draconian controls? I think the trust of these programs is not that they can detect fraud per say, but rather they can identify people and situations which generate extra temptation. It does not matter how well you treat your employees, if somebody develops a gambling addiction (see below) it does not matter how well you pay them.

Here's another article.
http://www.economist.com/node/21547833 [economist.com]

In this case they are talking about detecting fraud with people who have level access to the books – think rouge trades and embezzling employers. However, from the article fraud comes from “incentive, rationalisation and opportunity”. You try to hire competent, well paid staff and put in controls. However, eventually you hit limits.

From personal experience, I know of a case in my company where a mid level middle age employee who had been with the company for over 20 years developed a gambling addiction. Over the course of 18 months she embezzled over $200,000 from the company via hundreds of transactions. She had been around long enough to know that the individual small amounts would never trigger a review

I would

Re:Prevention cheaper (5, Interesting)

PopeRatzo (965947) | about 2 years ago | (#39695695)

In this case they are talking about detecting fraud with people who have level access to the books â" think rouge trades and embezzling employers. However, from the article fraud comes from âoeincentive, rationalisation and opportunityâ. You try to hire competent, well paid staff and put in controls. However, eventually you hit limits.

One limit you hit is that mechanisms like you describe and like the ones in this article are never applied to top management and the board of directors. So, the ones who are in the greatest position to hurt the company the most are left out of any security regime.

And if you tried to put such mechanisms in place for the top people, they would all simply refuse, and nobody is there to call them on it, because everyone else at their level has the same attitude. This is one of the biggest dangers of income disparity. When it gets beyond a certain point, the elite "break away" from the social mechanisms and requirements.

Re:Prevention cheaper (2, Insightful)

Anonymous Coward | about 2 years ago | (#39695745)

Those are not only the people in the greatest position to hurt the company, but also those with the greatest incentive not to do so - why hurt a company that is paying you millions of dollars a year? Top management positions aren't that common that one would risk losing one.

Re:Prevention cheaper (5, Insightful)

Shavano (2541114) | about 2 years ago | (#39696105)

Those are not only the people in the greatest position to hurt the company, but also those with the greatest incentive not to do so - why hurt a company that is paying you millions of dollars a year? Top management positions aren't that common that one would risk losing one.

This flies in the face of reality. In the real world, some top managers develop such an inflated sense of entitlement that they believe they are worth far more than what they legitimately earn, deserve whatever they can take and that they will never get caught when they break the law.

Re:Prevention cheaper (4, Insightful)

turbidostato (878842) | about 2 years ago | (#39696179)

" why hurt a company that is paying you millions of dollars a year?"

Because they can get even more by hurting them *and* getting their golden parachutes after the havoc?

Re:Prevention cheaper (4, Funny)

RulerOf (975607) | about 2 years ago | (#39696265)

Because they can get even more by hurting them *and* getting their golden parachutes after the havoc?

I wonder if I'm the only person who hears or reads "golden parachute" and gets a mental image of a CEO jumping from a burning plane with his company's stock ticker on the side, holding on to a dozen overstuffed briefcases full of cash like he's a modern-day DB Cooper. :D

Re:Prevention cheaper (4, Insightful)

alexander_686 (957440) | about 2 years ago | (#39695913)

In my experience, as you move up the chain of command, any formalized controls become more stringent – not less. In my case, every level I move up in the company I have to disclose more, with the CEO having to disclose the most.

On the other hand, I have found misalignment increases. CEO’s don’t (normally) need to commit outright fraud – there is a host of grey areas to exploit.

The corporate jet is a classic example. It helps the CEO meet with clients, survey the business, saves time, etc. All of time & money will be well disclosed in the annual reports. If the CEO uses it for personal reasons, he has to pay it out of pocket. So everything is above board. Yet, who do a disproportionate number of CEO schedule official trips to Aspin during skiing season and during the summer?

Re:Prevention cheaper (1)

JosephTX (2521572) | about 2 years ago | (#39695835)

Those transactions have nothing to do with emails, though. You aren't going to find signs of account fraud in emails; you're going to find them in accounting records.

Re:Prevention cheaper (1)

tirefire (724526) | about 2 years ago | (#39696221)

Over the course of 18 months she embezzled over $200,000 from the company via hundreds of transactions. She had been around long enough to know that the individual small amounts would never trigger a review

How was she eventually caught?

Re:Prevention cheaper (2)

c0lo (1497653) | about 2 years ago | (#39696005)

Wouldn't it just be cheaper to not treat workers like shit?

Even if so, based on what the company is doing, it may not be enough.

TFA is based on (and links) another FA in WSJ [wsj.com]. Guess which company is the first to be quoted in regards with the tech? Diebolt, which seemed to be more interested on maintaining its face [wikipedia.org] instead of the quality of their products [wikipedia.org].

Who manages it? (5, Insightful)

GeneralTurgidson (2464452) | about 2 years ago | (#39695325)

If an HR department can install and manage software that interfaces with a companies email without IT knowing about, that company has bigger security concerns. If IT manages it, IT can circumvent it.

Re:Who manages it? (0)

Anonymous Coward | about 2 years ago | (#39695345)

Outside party? Maybe they have an electrician going in and taping the ether. Now it might not make it possible to intercept all communications although I'm sure at least some email could be intercepted. At least emails exiting that aren't encrypted.

Re:Who manages it? (2)

Shavano (2541114) | about 2 years ago | (#39696121)

If your IT guys are fully competent, the external guys can't do shit without their knowing about it.

Security (4, Informative)

nurb432 (527695) | about 2 years ago | (#39695451)

The it security team trumps the it sysadmin team.

Re:Security (4, Interesting)

JDG1980 (2438906) | about 2 years ago | (#39695507)

The it security team trumps the it sysadmin team.

This assumes a rather large company. Many organizations have one sysadmin who handles security issues as part of their job duties, or just a handful of "IT guys" who more or less handle everything. The library I work for has about 100-150 employees total; the notion of a separate "IT security team" and "IT sysadmin team" is ridiculous for an organization of this size. Our IT department is 6 people total.

Re:Security (1)

amRadioHed (463061) | about 2 years ago | (#39695993)

I think if we are talking about a company that is using this sort of monitoring software it is safe to assume it is a rather large company.

Re:Security (1)

DigiShaman (671371) | about 2 years ago | (#39696049)

Six people in an IT? Hopefully that only includes one admin, one lvl2 helpdesk guy, and the remaining four devs and data entry types. If those six are purely admins and heldesk, something ain't right. Too much bloat and inefficiencies going on.

Re:Security (0)

Anonymous Coward | about 2 years ago | (#39695559)

The it security team trumps the it sysadmin team.

Ha! Where do you work?

A more important question. (0, Offtopic)

khasim (1285) | about 2 years ago | (#39695489)

A more important question is why would anyone take anything said at "ITWorld" as factual?

Has anyone here run into this before? What vendor?

All of their examples seem wrong. The length of an email will change based upon the circumstances of that email. Is it advisory? Is it for documentation? Is it CYA?

Re:A more important question. (3, Informative)

Zontar The Mindless (9002) | about 2 years ago | (#39695547)

A more important question is why would anyone take anything said at "ITWorld" as factual?

It's not just ITWorld's say-so. They cite this WSJ article [wsj.com], which also says so.

Re:A more important question. (1, Troll)

ColdWetDog (752185) | about 2 years ago | (#39695643)

A more important question is why would anyone take anything said at "ITWorld" as factual?

It's not just ITWorld's say-so. They cite this WSJ article [wsj.com], which also says so.

Oh, now you're really bumping up the truthiness.

Re:A more important question. (2)

Zontar The Mindless (9002) | about 2 years ago | (#39695929)

Huh? All I'm saying is that ITWorld apparently didn't make this stuff up out of thin air. They cite WSJ, and WSJ provides quotes and attributions for same. ITWorld may or may not be a paragon of virtue. I tend to be sceptical of ITWorld's reporting generally, myself, but can't find fault with them in this particular instance.

Let me tell you about something called "journalism", just in case you've never heard of it or worked in the field yourself. (It so happens that I worked in broadcast journalism for some years.) Yes, the ITWorld story constitutes an example of correctly and responsibly done journalism: ITWorld provides a cite, and their source is a very well-known publication which has been around for quite a long time, and which in turn provides a number of cites of its own, including names, firms they work for, and positions held at those firms. This is how journalism is done. In journalism, "I've {never|always} heard of..." does not cut the mustard; having quotes from people who are willing to identify themselves while going on record does.

You are free to verify with Chip Whatshisname at DoucheBagCo whether or not he (a) actually said what the WSJ claims he did and, if so, (b) was telling the truth when he said it and was not taken out of context. But don't blame me or even ITWorld if it turns out to be a fabrication, distortion, or even some truth that happens not to be to your liking.

As for me, I think the story's a plausible one, although I reserve the right to change my mind if and when I encounter convincing evidence to the contrary. A veiled accusation of having some sort of hidden rightwing political agenda by some J. Random Internet Fuckwad does not supply it.

It's actually pretty funny, given that my politics are just slightly to the right of Leon Trotsky and that I don't especially try to keep that a secret around here, or in real life, for that matter.

Yeah. (2)

khasim (1285) | about 2 years ago | (#39695653)

I'll ask the question again:
Has anyone here run into this before? What vendor?

That Wall Street Journal article reads more like an advertisement.

"If someone works 9 to 5 and all of a sudden their privileges are used at 3 in the morning, it needs to set off an alarm within the company," says Chip Tsantes, a Washington, D.C.-based principal at Ernst & Young who advises financial-services firms about security and other issues.

I don't know about you but I've often worked on systems at 3am. And on weekends. And holidays.

The company looks for triggers such as vulgar words, messages marked as high priority and privileged information such as credit-card numbers. While an employee may be sending a credit-card number to a family member, they just as easily could be trying to email the personal data of a customer.

Anyone in IT who sends a credit card number via email needs to be fired any way. They're just too stupid to have on staff.

Anyone sending anything at all like that through COMPANY email needs to be fired any way. They're too likely to cause a problem with legal discovery should a different lawsuit pop up.

And so on. So I'll ask again, has anyone here run into this before? What vendor?

so who installs the monitoring software ? (0)

Anonymous Coward | about 2 years ago | (#39695329)

Let me guess. the same people who can modify the software to have it analyze emails from HR email accounts instead of IT email accounts.

Pretty much proves the point (5, Funny)

Anonymous Coward | about 2 years ago | (#39695331)

What if an IT employee suddenly has relationship problems or family issues?

There's definitely something suspicious going on when IT employees have relationships, nevermind relationship problems.

Personal emails at work? (3, Insightful)

PT_1 (2425848) | about 2 years ago | (#39695333)

"I understand the need to be aware of the attitudes of workers with high-level access to data and networks, but this strikes me as creepy. What if an IT employee suddenly has relationship problems or family issues?"

Not commenting on whether monitoring employee emails is right or wrong, but why would somebody use their corporate email account to deal with relationship or family issues? In a world where companies can and often will read their employees' emails, that anyone would use their work email for anything personal seems short-sited. Sign up for one of the free web-based mail accounts.

Re:Personal emails at work? (1)

Anonymous Coward | about 2 years ago | (#39695391)

Many companies today configure their firewalls to block access to webmail services because they are afraid an employee might use webmail to bypass the filters they use to detect or block attempts to send confidential company data outside the corporation.

Re:Personal emails at work? (1)

Anonymous Coward | about 2 years ago | (#39695539)

That is all true, but the employee can do their personal mail at home or on their phone. They don't need to be doing it at work, when they should be - you know - working.

Re:Personal emails at work? (0)

Anonymous Coward | about 2 years ago | (#39696033)

Humans need to do some personal things inside work hours just as they are needed to do work things outside of work hours. Tit for tat.

Re:Personal emails at work? (2)

Anonymous Coward | about 2 years ago | (#39695401)

The issue Isn't people using work email for personnal reasons, but that personal problems may change the way you talk about work issues.

Its perfectly possible that a problem at home will change peoples mood while they're at work thus changing the language they use when discussing work and triggering the system.

Re:Personal emails at work? (1)

Shavano (2541114) | about 2 years ago | (#39696209)

I think this idea must be based on half-baked pseudoscience. Is there really any science that backs up the claim that you can identify whether an employee is a security risk based on a change in how they use language in work-related emails? Really

Let's say you're a senior manager and somebody pitches software to do this to you. Do you or do you not ask for evidence that it can tell the difference between normal evolution of personal use of language and "security risks?"

Re:Personal emails at work? (2)

Anonymous Coward | about 2 years ago | (#39695405)

I think you missed the point. Even if you aren't using work email for personal issues if something is affecting your life, it might change your whole attitude. Perhaps you are becoming more and more short with people at work because you're not coping well at home.

They can now see that and flag you... Even though it may not be a true work issue...

Re:Personal emails at work? (1)

tverbeek (457094) | about 2 years ago | (#39695453)

Who said anything about personal e-mail? Even the summary explains that they're talking about automated analysis of language patterns, not "reading employees' mail". From TFA:

"If you start to feel differently about the company you work for and the people you work with, you'd be surprised how your language changes," .... Common red flags include a dramatic change in the length of a person's emails. For example, someone may start writing emails of half a dozen words when their messages used to read like novels. Other tip-offs: a rise in the number of anger-related phrases, greater use of the word "me," and signs of more-polarized thinking, like the words "never" and "always."

Re:Personal emails at work? (1)

nurb432 (527695) | about 2 years ago | (#39695461)

People do it all the time. both to outsiders and a LOT of internal non business chatter.

People are social creatures, its natural to do it.

Re:Personal emails at work? (1)

Anonymous Coward | about 2 years ago | (#39695487)

I never have understood why people send personal emails from work anyway. Even with a free web based email account a lot of shops run DLP products that can still read the emails. If you must send personal emails on work time, which I don't agree with, at least be smart and use your phone, tablet, or some other 'off network' device.

Re:Personal emails at work? (0)

Anonymous Coward | about 2 years ago | (#39695697)

These issues then become the issues of the whole government/company, and not just your own. That's what happens. Think about it this way: It could affect 'worker productivity' or 'worker state of mind', which would lead to sub-par work being done. Why wouldn't they want to monitor something that can have that effect?

Albeit, I disagree with it on moral grounds, but I can definitely see their argument.

Re:Personal emails at work? (1)

Shavano (2541114) | about 2 years ago | (#39696157)

The mere fact that an IT employee sends personal emails from his corporate account indicates that the employee is not sufficiently sensitive to security issues. The employee needs to be brought up to speed on Why That Is A Bad Idea.

Who installs and maintains this? (2)

jesseck (942036) | about 2 years ago | (#39695347)

HR isn't going to install and maintain this, and many of the people this is supposed to watch will be involved. If you hire a 3rd party to install, maintain, and monitor, will you trust them more than your employees with such information? Even then, is IT going to expend infrastructure setup and maintain network services for a black box with no "critical" (since IT doesn't know about it, it can't be classified as critical- HR doesn't make that call) function?

This is not a new problem (2)

jd (1658) | about 2 years ago | (#39695353)

Nor is this a new complaint. Waaaay back, before many Slashdotters were born, a little-known two-tone group penned the following lines regarding abuses of this kind by governments and corporations alike:

Why must you record my phone calls?
Are you planning a bootleg L.P?
Said you've been threatened by gangsters
Now it's you that’s threatening me.

Can't fight corruption with con tricks
They use the law to commit crime?
I dread, dread to think what the future will bring
When we’re living in gangster times.

Seems to me that nothing has changed in the intervening years. Things haven't gotten worse, the younger generation is merely seeing the problems that the previous generation did.

Creepy but... (5, Insightful)

PastBlast (2617971) | about 2 years ago | (#39695363)

That's why I never send personal email on the company's system. I also don't keep any personal files on the company supplied computer nor do web browsing on it. It's a hassle sometimes, especially when I need to carry around my personal laptop. And, in reverse, I never do "work" on my personal computers. While I don't think my company is spying on me, I go by that assumption because they can start at any time without my knowledge. It's my way of mitigating that risk. In general, I think it's also a good way to keep my personal life separate from work. I learned that years ago during some stress reduction workshops I participated in.

Re:Creepy but... (0)

Anonymous Coward | about 2 years ago | (#39695759)

ssh -D3000 your.home.computer

Specific setup is left as an exercise for the reader.

I do think my company is spying on me. (1)

Anonymous Coward | about 2 years ago | (#39695771)

"While I don't think my company is spying on me, I go by that assumption because they can start at any time without my knowledge. It's my way of mitigating that risk".

iSPY on YOU [uploadimage.co.uk]

I do think my company is spying on me, lucky I only ever use the CEOs account and there's an easy way of bypassing the webproxy. Seriously though, if the company is spying on email usage and lets say someone starts to browse AIDs sites, dontcha think they are gonna fire him before he starts dipping into the medical insurance fund?

Re:Creepy but... (1)

Thing I am (761900) | about 2 years ago | (#39695871)

Similar to you, I operate at work knowing that I am being monitored. Video is being recorded in my office, in the building my office is in, on the roads I travel to and from the data center and in the data center. Phone calls are logged, email is being archived and company computers are routinely checked for unauthorized use. I never ever conduct personal business on company computers or time. I know this because I'm the one responsible for maintaining the systems. Sure it would be easy to circumvent for myself but it's not worth the hassle. It's easier just to do anything personal on my laptop.

The Potential for Abuse is enormous... (2)

dryriver (1010635) | about 2 years ago | (#39695371)

IT Guy: Sir, it would be wise to install abc software on our system, for increased security. Boss: We can't do that right now. It doesn't fit the budget. IT Guy: What about installing xyz software then? Its cheaper and could be useful... Boss: Nope. We can't do that either. Maybe next year. Boss simply walks away. Disappointed IT Guy's email language/wording/length changes a bit as a result... HR Person: Sir, our software is reporting that XX from the IT staff is having a mind-change. Boss: Really? XX? Well, we'd better look into that. Maybe I should fire the guy outright. You never know with these mind-changes...

Re:The Potential for Abuse is enormous... (1)

HornWumpus (783565) | about 2 years ago | (#39695519)

Anything that encourages those idiots to shoot their own peckers off is a good thing.

An old enough industry to require unions (1)

Anonymous Coward | about 2 years ago | (#39695425)

Clearly IT is now an old enough industry to require proper union representation to protect workers, who may be very intelligent and capable in their line of work, to have reasonable terms and conditions in their contracts of employments (legal faff that they aren't knowledgeable in) so that they aren't screwed over by such systems and mechanisms.

Re:An old enough industry to require unions (2)

nurb432 (527695) | about 2 years ago | (#39695483)

All that will do is raise the entry bar for people coming in the industry ( and keeping many out ) and raise the overall cost of IT.

Unions do have their place. An IT shop is not one of them.

Re:An old enough industry to require unions (5, Interesting)

Zontar The Mindless (9002) | about 2 years ago | (#39695649)

Unions do have their place. An IT shop is not one of them.

You should really try to be more open-minded about such things. Maybe even consider moving to Sweden, where nearly everyone is entitled to union representation whether they bother to join one or not.

When we got bought, and the new owners tried to take away nearly all my benefits, my IT workers' union did a pretty good job of nipping that nonsense in the bud. Maybe I should show my appreciation by signing up and paying them the ~$25 per month they want as dues for actual membership. That's only about 2% of what I would have lost if they'd not gone to bat for me.

Re:An old enough industry to require unions (1)

Anonymous Coward | about 2 years ago | (#39695919)

I don't want unions per se, but I do want things that most other workers get, like overtime.

kick 'em when they're down (4, Interesting)

tverbeek (457094) | about 2 years ago | (#39695433)

What if an IT employee suddenly has relationship problems or family issues? Will they then be flagged by HR as potentially troublesome or even a data security risk?

I got suddenly canned from a sysadmin job when I showed signs of irritability and started requesting half-days off here and there. Except in this case it was because my boyfriend was critically ill, and they knew that. They just didn't give a fuck.

Re:kick 'em when they're down (1, Insightful)

nurb432 (527695) | about 2 years ago | (#39695495)

You became a liability. There were others inline for your job that weren't a liability. It wasn't that they didn't care about you personally, its just the reality of business. "Caring" doesn't pay the bills.

Only if you are replaceable. (1)

khasim (1285) | about 2 years ago | (#39695517)

Only if you are replaceable.

Lots of people can do the same job as you do. Some do it better. Hopefully you're good enough at it that more than 50% will do it worse.

And at the same salary (or lower).

AND has your knowledge of the systems and the "why were they set up that way" tricks and traps so that they don't cause any unexpected down-time trying to "fix" something that is not really broken.

Re:kick 'em when they're down (0)

Anonymous Coward | about 2 years ago | (#39695673)

And you are a dick who makes excuses for and thus empowers even bigger ones. Get a clue already.

Re:kick 'em when they're down (3, Insightful)

Rakishi (759894) | about 2 years ago | (#39695687)

And those other people are also a liability because they may not be able to do the job. Even if they can do the job it'd take them 2-3 months to get up to full efficiency at doing their job.

Furthermore, every other employee, including the replacement, now knows that the company will fire them at the drop of a hat. In other words, they now have a signal that they may want to start sending out resumes before it happens to them. The fired person's social network will now also know that the employer is an asshole and to steer clear if possible.

So yes, caring does pay the bills if a company cares about anything but the short term balance sheet (not even short term productivity).

Re:kick 'em when they're down (2)

Kjella (173770) | about 2 years ago | (#39695763)

And the other way around too, people that have gone through a bad time and come out on the other side develop a high loyalty and everyone around them knows that if shit happens you're cared for. It's the kind of intangible benefit that tend to keep people in one place, salary is measurable but work environment for the most part isn't. If you've got a good one, people are reluctant to leave. At least a little up in the system high turnover is generally one of the warning lights.

Re:kick 'em when they're down (1)

epyT-R (613989) | about 2 years ago | (#39695927)

well, if we can't expect employers to care, how can we expect employees to care...ie to not use 'short language' in emails and not show signs of 'irritability'.

Re:kick 'em when they're down (1)

Anonymous Coward | about 2 years ago | (#39696003)

I hope some disgruntled employee dumps gasoline on you and sets you on fire. It would be very cathartic for them and good karma for you.

Re:kick 'em when they're down (3, Insightful)

laughingcoyote (762272) | about 2 years ago | (#39696169)

Aside from the fact that what you're saying shows a total lack of humanity, it's also wrong.

If I saw another employee I worked with being treated that way, believe me, I'm looking for a new job the moment I get off work that day. And then all of the training, experience, etc., that they've paid me well to develop, walks right out the door.

That aside, loyalty is meant to be reciprocal. As long as a company is "paying the bills" adequately, a little decency for those undergoing tough times and have spent years of their lives helping to build the company is not exactly uncalled for. I have worked several places that coworkers were more than happy to pick up some slack for someone in a tough situation, especially since it was well understood they could accept the same in return. That type of environment is far more productive than one where everyone spends half the day looking over their shoulder.

"It's just business" is not an excuse for unconscionable behavior, and it's been used that way for far too long.

Common Occurance. (0)

Anonymous Coward | about 2 years ago | (#39695455)

This is really nothing new when it comes to IT in large corporations. In the past there has been similar stories of companies hiring other IT people to spy on their IT department, the only difference is that now its cheaper for them to buy a program to do it for them.

Speaking as a state employee (3, Interesting)

93 Escort Wagon (326346) | about 2 years ago | (#39695485)

In Washington state, anyway, the email of all us state employees is considered to be part of the public record... so in theory this sort of monitoring would be relatively easy to implement. Funny thing is - as a Washington state employee, I feel less vulnerable to this sort of snooping than if I were employed by a private company.

Paranoid people (2)

david999 (941503) | about 2 years ago | (#39695503)

Some companies take screenshots of what is on your computer all day long. Now they want to peer into your email as if it were an inkblot and predict your behavior. It is best to work elsewhere as that company employs paranoid people who somehow got into the position to spy on people and convince management that is a good thing instead of just seeing if the assignments are completed each day. These are the same companies that put 4 levels between you and getting a quick answer. Procedures are to be followed! Tell the customer you will get back to them in a day or two instead of a minute or two. You will go farther elsewhere. If you stay you risk being slandered by these paranoid people.

Company network (1)

Anonymous Coward | about 2 years ago | (#39695511)

Every time I log into my employer's network I get a popup window that states: "You should have no expectation of privacy". I take it seriously.

I respond differently (1)

Jaktar (975138) | about 2 years ago | (#39695527)

I respond differently depending on who it is I'm responding to. There's the usual site wide formal email. Then there's the technical email to the bossman. There are also the jovial type that go to the close co-workers. I think you're just better off using keywords to look for "problems". If they start to use the work "fuck" or "kill", maybe have a closer look.

Re:I respond differently (1)

TENTH SHOW JAM (599239) | about 2 years ago | (#39695891)

So when I turned off Server RAHRAH125 and sent out the email "Just Killed 125." that would be bad? and speak of sociopathy?

Re:I respond differently (1)

wmbetts (1306001) | about 2 years ago | (#39696155)

have a little fun with it.

w00t I just killed that fucking bug time to commit!

I wonder how many alarms that would ring.

If you don't trust your sys/network admin... (4, Insightful)

gstrickler (920733) | about 2 years ago | (#39695543)

...do yourself and your admin a favor and get rid of him/her. He/she won't like working for someone who doesn't trust him/her, and you won't like constantly being suspicious.

I've given that advice to all my clients over the years. You can extend the concept to the rest of your IT and/or security team. That doesn't mean you shouldn't take precautions, have checks and balances in place, etc, but fundamentally, if there isn't a high level of trust, deal with the lack of trust, either by discussing it until there is an understanding and trust, or by ending the relationship.

Secretive monitoring is not the way to handle a lack of trust. The only exception is when there is already probable cause to believe a crime has been committed, then, in some cases, monitoring to gather proof may or may not be necessary or appropriate.

Re:If you don't trust your sys/network admin... (1)

magamiako1 (1026318) | about 2 years ago | (#39695945)

How, exactly, do you implement a "checks and balances" system when the security of the IT system is ultimately a pyramid? There is always a *god* or *root* user, and it's always going to be a technical person that isn't necessarily the business front of the IT team.

Re:If you don't trust your sys/network admin... (2)

gstrickler (920733) | about 2 years ago | (#39696017)

Multiple "gods", sort of polytheistic IT. If they're good, they'll notice If one of the others isn't doing his/her job, and they'll notice artifacts if one of them is trying to cover his/her tracks.

JUDAS PRIEST (4 my fellow IT/IS/MIS folks) (-1)

Anonymous Coward | about 2 years ago | (#39695595)

http://www.youtube.com/watch?v=b1B_pZC8aWU&feature=related [youtube.com]

"Up here in space - I'm lookin' down on U. My lasers trace everything U do! You think you've private lives? Think NOTHING OF THE KIND! There is no true escape, I'm watching ALL THE TIME!! I'm made of metal - my circuits gleam! I AM PERPETUAL I KEEP THE COUNTRY CLEAN: I'm elected - Electric Spy. I'm protected (ELECTRIC EYE!!!). Always in focus: Can't kill my stare - I ZOOM INTO YOU (but you don't know I'm there). I take a pride in probing ALL YOUR SECRET MOVES... my 'tearless retina' takes pictures that can prove... I'M MADE OF METAL: MY CIRCUITS GLEAM - I AM PERPETUAL I KEEP THE COUNTRY CLEAN! I'm elected - Electric Spy. I'm protected (ELECTRIC EYE!!!). Electric Eye (in the sky) Feel my stare (always there)... There's nothing you can do about it: DEVELOP & EXPOSE - I feed upon YOUR EVERY THOUGHT (& so my power grows). I'm elected, PROTECTED, DETECTIVE (electric eye...)"

* Question is, "Who watches the watchmen?", who are watching us? What a truckload of bullshit...

APK

P.S.=> What is this planet coming to??

See - I suspect that the "powers that be" on most ALL FRONTS are losing control because of the utter BUNGLING JOB THEY'VE DONE economically, politically, and mostly done DISHONESTLY & DISHONORABLY...

HOWEVER:

That's what you get, when your "fine leaders" in many fields are the WEALTHY 1% who are only greed-driven (heroin junkies for money & power) and largely undereducated fools who have blown it, SO BADLY, they're putting up cameras & surveillance everywhere... they're reacting!

Why? Something is WRONG & they KNOW they "F'd up" & are preparing for backlash that's already started... only in minor amounts. Which scares me some, because of the "2012 'end of the world'" stuff (which I have trouble swallowing even though there is a lot to support it from many sources that are notable)... people have a "FUNNY WAY" of doing things (revolutions included) when they've got nothing to lose... in other words, I am worried about people "panicking" around Dec. 21, 2012 & doing a lot of STUPID things (murder, looting, & more).

Doom & Gloom? No. Just sheer worry. People are dangerous animals when stirred & desperate (kind of like how I see our "leaders" reacting in fact).

No, I'm no "Anonymous/LulzSec" anarchist hacker, or a "Occupy" movement person either - I am just an ordinary guy who looks around himself and sees nothing differently (& trust me, I've TRIED to see validity in their actions, I see zero)... apk

Why a mod-down? Don't u like music?? (0)

Anonymous Coward | about 2 years ago | (#39695973)

Especially music that fits the topic to a tee???

APK

P.S.=> Ah yes, there's NOTHING QUITE LIKE having a "stalking/harassing/trolling" fanclub that mods down your posts, trolls you later by ac, & thinks they're "fooling everyone" on how it's done (ala moddown, logout of your "registered 'luser'" account, & troll after by AC): "Huge Trick" that, lol!

Please... oh, it even gets better!

Multiple sock-puppet account users galore are in use here too, ask tomhudson = Barbara, not Barbie, or clone52431 = clone53421 & of course, the irreplaceable (lol, cuz he has so many of these) MichaelKristopeit (with his 500++ user accounts) & more...

If anyone questions that? Look up each user name posted here. I can show quoted evidences of them doing it (especially tomhudson):

tomhudson = stalks /. posters via ac troll replies

"Wait until he starts on another kick, then reply to him as an AC. It's the new meme". - by tomhudson (43916) on Sunday May 09 2010, @08:29PM (#32150544) Homepage Journal

QUOTED VERBATIM DIRECTLY FROM -> http://slashdot.org/comments.pl?sid=1646272&cid=32150544 [slashdot.org]

"BTW - if you're going to tell this guy to stop spamming his hosts file crap, make sure you do it anonymously" - by tomhudson (43916) on Saturday April 16 2011, @11:45AM (#35840680) Journal

QUOTED VERBATIM DIRECTLY FROM -> http://slashdot.org/comments.pl?sid=2086920&cid=35840680 [slashdot.org]

---

tomhudson & crew from trolltalk.com also CHEAT THE MODERATION SYSTEM HERE, & others noted it also -> http://slashdot.org/comments.pl?sid=2236608&cid=36442386 [slashdot.org]

"I do whatever amuses me at the moment. Sometimes that is trolling. As far as AC? I only do that to avoid undoing moderations." - by gmhowell (26755) on Wednesday April 20, @12:49AM (#35877174) Homepage

---

So - HOW do they do it?

---

Well, they mod one another up (even IF it's TOTAL bullshit they said, or for trolling). That's the easy part & HERE THE PROOF OF IT:

http://slashdot.org/comments.pl?sid=2212152&cid=36361542 [slashdot.org]

PERTINENT QUOTE/EXCERPT from "mcgrew" (another "trolltalk.com" alternate registered 'luser' account guise these idiots keep & in this case, to upmod "webmistressrachel" when she was being destroyed by downmods):

"I just get a boatload of mod points sometimes (excellent karma) when I don't comment too prolifically. I used five or so on you, but they were comments worthy of being modded up, anyway. - by mcgrew (92797) * on Tuesday June 07 2011, @08:27AM (#36361542) Journal

QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=2212152&cid=36361542 [slashdot.org]

---

NOW, & I'll let one of their OWN, in "countertrolling" (obviously just another fake username they have here/another account) even say how they do the reverse (downmod others & troll them):

"...posting AC undoes mods... Not if you're logged out... " - by countertrolling (1585477) on Sunday June 19 2011, @11:56AM (#36491652) Journal

QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=2245866&cid=36491652 [slashdot.org]

So, in essence folks (just like the guy above noted that the "trolltalk.com" bunch's posts get upmodded wrongly?) They do the following to cheat the mod system AND to harass others:

1.) Downmod someone
2.) Logout of your /. "registered 'luser'" account
3.) Stalk/Harass/Troll by AC replies
4.) Start from step #1, & do it again repeatedly (with the other trolls from trolltalk.com)

* Moderators/Owners of /.: DO US ALL A FAVOR - get rid of this pack of TOTAL assholes, most especially tomhudson, please... thank you.

"trolltalk.com" = gmhowell, tomhudson, webmistressrachel, squiggleslash, countertrolling, mcgrew, & other registered LUSER 'guises' they use (I suspect they're all tomhudson, just using multiple sockpuppets/fake alternate user accounts),

It's not even ORIGINAL thinking for Pete's sake, & only shows what 'trolls' FAVORITE COLOR IS: TRANSPARENT!

(Easily seen thru, in other words...)

In the end? I'll use proofs via documentation as I always do in that regards:

the BEST source of evidence of that going on, especially on /., is probably the words of Mr. Bruce Perens on it:

"It just takes one Ubuntu sympathizer or PR flack to minus-moderate any comment. Unfortunately, once PR agencies and so on started paying people to moderate online communities, and to have hundreds of accounts each, things changed." - by Bruce Perens (3872) on Friday July 30, @03:55PM (#33089192) Homepage Journal

SOURCE -> http://linux.slashdot.org/comments.pl?sid=1738364&cid=33089192 [slashdot.org]

It's truth that these evidences verify:

E.G.-> There's HBGary who got caught in the act doing it:

http://www.dailykos.com/story/2011/02/16/945768/-UPDATED:-The-HB-Gary-Email-That-Should-Concern-Us-All [dailykos.com]

PERTINENT QUOTES/EXCERPTS:

"According to an embedded MS Word document found in one of the HBGary emails, it involves creating an army of sockpuppets, with sophisticated "persona management" software that allows a small team of only a few people to appear to be many, while keeping the personas from accidentally cross-contaminating each other. Then, to top it off, the team can actually automate some functions so one persona can appear to be an entire Brooks Brothers riot online... And all of this is for the purposes of infiltration, data mining, and (here's the one that really worries me) ganging up on bloggers, commenters and otherwise "real" people to smear enemies and distort the truth... "

&

"The Chinese Water Army"

http://news.softpedia.com/news/Chinese-Water-Army-Posts-Comments-For-Anyone-Who-Pays-236294.shtml [softpedia.com]

* Each doing the same bogus sockpuppet crap, & they're ALL/EACH scum too - just like trolls like you that do the same here... apk

Is this real? (2)

tomthepom (314977) | about 2 years ago | (#39695693)

'That the "enemy within" is the biggest threat to an enterprise is nothing new...'
dossier's of 'suspect behaviour'
"It has gotten to the point where we have to monitor everything everybody does, especially those working with sensitive data like the IT staff,"

WTF? In my years in IT I've never experienced this sort of paranoid 'treat your employees like potential threats' attitude. But then I've never worked in the US. Is treating your people like humans, keeping them invested and paying them fairly just an outdated, naive notion over there?

Re:Is this real? (1)

mbkennel (97636) | about 2 years ago | (#39695731)

"Is treating your people like humans, keeping them invested and paying them fairly just an outdated, naive notion over there?"

No, it's considered to be a fellow traveler with Communism.

Re:Is this real? (0)

Anonymous Coward | about 2 years ago | (#39695831)

Yes, yes it is. Most of American society really is as bat-crap crazy as they say.

They did something like this to the Enron Execs (4, Interesting)

Karmashock (2415832) | about 2 years ago | (#39695773)

I believe this was more of an analysis. They fed thousands of time stamped memos into an algorithlim. The idea was to look for differences in speech pattern or word choice in reference to the conspiracy.

What they found in Enron at least was that as people behaved increasingly corrupt they became increasingly formal with each other. Casual comments tended to be innocent ones where as memos concerning the corruption tended to unusually professional.

Personally, I don't care what the company does with my corporate email. Scan away. It's so boring that I understand why they want to have a computer read it instead. And who knows, they might actually uncover a problem.

Obviously people will be worried about false positives. But I doubt anyone is going to take the computer's opinion as gospel. Likely, the computer will just point to a given collection of emails and suggest management read those specifically. Where upon management can decide if they have a problem or not.

Re:They did something like this to the Enron Execs (1)

Jiro (131519) | about 2 years ago | (#39696069)

But I doubt anyone is going to take the computer's opinion as gospel.

I am less doubtful than you. Anything that can be measured, and that especially includes numbers spat out by a computer algorithm, is something that managers love to use regardless of whether it actually measures anything significant or, if it does, regardless of any caveats the user is supposed to consider before using it.

Re:They did something like this to the Enron Execs (1)

Karmashock (2415832) | about 2 years ago | (#39696255)

I don't see how this could be used against you.

What are you thinking? That the boss will call you in and say "Tim, the computer is saying your sentence patterns might indicate deceptive behavior. Do you have something to tell me?"...

Might a stupid boss make this an issue/ Sure. But then a stupid boss is going to make something an issue no matter what. So what exactly are you losing here. Idiots will be idiots. They don't need help.

Re:They did something like this to the Enron Execs (0)

Anonymous Coward | about 2 years ago | (#39696213)

That would be a disaster. What about the real tried and true security guys. People like me that refuse to even have a slashdot or facebook account lest it be a later concern. Everything I do on someone else's dime is of the utmost quality, efficiency, and accountability that I can muster. I am never not formal 'on the clock'. An algorithm such as this would have me flying out the door merely for my applied perfectionism. Seems that it is just another way of pushing the status quo deeper into mediocrity.

Tit for Tat (1)

Anonymous Coward | about 2 years ago | (#39695903)

Research and simulations have shown that the optimal strategy for group behavior is Tit for Tat.

Wikileaks for the win!

Well (0)

Anonymous Coward | about 2 years ago | (#39695917)

One should always assume that emsil sent via an employer-owned device is monitored. Eemployees should not be sending non-work related emails via such devices. An employer should not expect to be able to monitor emails sent from employee-owned devices. Employee owned devices should not br brought to work, or if they are, they should only be turned on/used during breaks.

Employers should never expect employee-owed devices to be used for work-relted tasks, and employees should never use employer-owned devices for non-work related tasks

For example: I might bring my cell phone to work, but it will be turned off or left in a locker except for break times. If I need a cell phone for work, my employer will have to provide one, which they have the right to monitor the use of.

If I buy a tablet or a laptop, It will not be taken to work nor be used for work-related stuff. If I need a tablet or laptop for work, my employer will hsave to provide it. Most people do not need a laptop, tablet, or cell phone for work. A desktop computer and the company wired phone are sufficient. I will keep 100000% control of my own devices, no employer will ever have access to them nor will they ever be used for work-related tasks.

Suspicion is a dangerous thing (3, Insightful)

anegg (1390659) | about 2 years ago | (#39695933)

Isn't the real problem that yet another non-scientific unproven analytic tool is going to be deployed in an attempt to discern what people are really thinking? There may be lots of reasons why someone's language changes, including events in their personal lives that have no relationship to work as long as they continue to carry out their duties competently. Imagine being called to the bosses office or HR to "explain" why your behavior has changed when you may not have realized the change yourself, and it has nothing to do with work. Failure to provide a satisfactory explanation will result in greater suspicion of your intentions, especially if the system that detected your behavioral "abnormalities" was sold with the understanding that it really could spot bad eggs before they cracked.

Re:Suspicion is a dangerous thing (3, Insightful)

joebagodonuts (561066) | about 2 years ago | (#39696081)

It's worse than "non scientific".

"If you start to feel differently about the company you work for and the people you work with, you'd be surprised how your language changes," says Ed Stroz, co-president at digital-risk-management firm Stroz Friedberg LLC, New York. The company, like other consulting firms such as Ernst & Young, makes technology to examine linguistics .

It's usefulness is being touted by those selling the software:

Parse error. (2)

SuricouRaven (1897204) | about 2 years ago | (#39695937)

"Server three choked on the db backup again, looks like D filled, bodged a script to tidy crap from temp folder on nightly before AV, it'll buy a couple days before the new HDDs arrive. Throw the whole DB there during weekend DT. Also, don't forget it's LP on Sun - make sure to get the steam DLs first this time."

So who tells the Emperor... (2)

joebagodonuts (561066) | about 2 years ago | (#39696053)

he's wearing no clothes? This comes across more "covering my ass" than addressing a real need/vulnerability.

So, who runs this tech?? (1)

Ryanrule (1657199) | about 2 years ago | (#39696089)

'using new technology to look at the language of their IT staff's emails to determine whether their behavior or mind-set has changed,' Are you going to ask IT to run the the software that monitors IT? Sounds like a position I want.

We're Better At This (1)

Bob9113 (14996) | about 2 years ago | (#39696107)

We're better at this sort of thing than management. By a lot. We're also a damned site more noble. We don't have much to fear, really. They do. Perhaps we should be using semantic analysis to discover cases of consumer fraud, tax fraud, influence trading, and misappropriation of funds.

Oh and i'm sure (0)

Anonymous Coward | about 2 years ago | (#39696129)

...they're convincing themselves that their social media inferential trackers work as advertised too.

Sometimes people make the craziest underlying assumptions.

There was a Heinlein story about this (0)

Anonymous Coward | about 2 years ago | (#39696159)

It was about engineers tasked with operating atomic piles. There was so much surveillance that they wondered if starting to shave from a different side of your face would be enough to trigger an intelligence alert.

it's not spying (0)

Anonymous Coward | about 2 years ago | (#39696181)

when i pay your salary, so STFU

That's nothing... (2)

Zapotek (1032314) | about 2 years ago | (#39696215)

...my first job was as a sys-admin for a small office, the boss had me install VNC to all company machines, mainly laptops for the sales folk, office manager etc. He would actually monitor them himself from time to time (while his office was 4m away).

I protested but my warnings went unheeded, of course for some weird reason VNC "didn't work" on my machine. ;)
It goes without saying that I got the hell out of there first chance I got and everyone else slowly followed.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...