Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Workplace Privacy Lacking

michael posted more than 13 years ago | from the corporations-don't-have-rights dept.

Privacy 142

PaGeN writes: "It's about time. Per today's New York Times, thinking and respected jurists are raising eyebrows at the legal principle that seems to have sprung up overnight: "You have no right of privacy in on-the-job online communications." Judge James M. Rosenbaum, Reagan-appointed chief judge of the United States District Court for the District of Minnesota, in Minneapolis, expresses surprise that employees should be expected to tolerate "an electronic rummage through their lives." "The present concept permits -- and even encourages - 'Big Brother' searches," wrote Judge Rosenbaum. "... just as an employee does not surrender all privacy rights on the company's premises, so they should not be automatically surrendered on the company's computers."" The column linked above is interesting; you can also read the original paper online.

cancel ×

142 comments

Sorry! There are no comments related to the filter you selected.

I got caught (1)

Anonymous Coward | more than 13 years ago | (#2187939)

At my last job I was doing stuff online, like reading Yahoo! news, while waiting (for compiles, for the printer, for a co-worker to finish a task, whatever). They fired me for "excessive" non-work related computer use. I pointed out that people all around me were constantly checking sports scores, stock prices, etc. and asked why their use was not "excessive" and mine was. I asked for their definition of "excessive". They refused to answer and fired me anyway.

The best part was when they said I'd spent X hours a day on the internet. I asked how they knew that, since an http request took seconds to fill, not hours, but they again refused to answer. Apparantly if I read one news story at 9:00 and another at 9:45, they figured I spent the first 45 minutes reading the first story, and then assumed I must have spent another 45 minutes reading the other story for a total of an hour and a half. Stupid shits did not once dispute my claim (backed up half-heartedly by my boss) that I was doing good work and meeting my performance goals. One of my last acts before the door hit me in the ass on my way out was to claim my 3 still-unclaimed (because I'd had so many others I'd pretty much got one each already) peer-recognition awards.

God I'm glad to get out of there! I'd name them, but they'd probably track me down and get me fired from this job, too.

Re:It's hard... (2)

Anonymous Coward | more than 13 years ago | (#2187940)

They only give you phones for work too, but it's still OK to call your wife and talk for a minute. If I do that via email instead, I don't want the email read by anyone else. People are right to demand privacy in this area.

Re:False expectations of privacy (2)

cpt kangarooski (3773) | more than 13 years ago | (#2187942)

So it's a good thing that people don't go around calling their attorneys over the telephone without using scramblers, huh?

You can have an expectation of privacy without being actually private. This is where the word 'expectation' comes into play. It may be magnified through obfuscation, but whispering in a crowded courtroom works great all by itself.

Re:Why should you expect privacy at work? (1)

Anarchofascist (4820) | more than 13 years ago | (#2187943)

"It's not your piece of paper It's not your pen Neither of them belong to you so how can you possibly expect any ideas that you write down to belong to you?"

So much for BOYCOTT adobe eh ? (1)

Archfeld (6757) | more than 13 years ago | (#2187945)

that lasted what 30 minutes on slashdot, before a story requiring the PDF format was posted for all to access. Nice to see Slashdot standing tall and support Dmitry.

Between that and the doubleclick ads slashdot keeps running right above the stories about how heinous their privacy violations are....

We need to change the name of this place to /Hypocrite.

you have the truth of the matter (2)

Archfeld (6757) | more than 13 years ago | (#2187946)

the company wants their cake, your cake, and they want to eat it all, and they want you to stand by and prepare to clean up after them if they make a mess. My company is a LARGE IT/Financial firm and they do have a limited tolerance policy, ie NO PORN or un-PC stuff, they monitor but do not interfere unless your usage becomes a problem. Now exactly what a problem is no one will define so live life on the edge, and SURF from HOME.

Re:Who Cares? (2)

Archfeld (6757) | more than 13 years ago | (#2187947)

so why post as an AC then ? You are proof that evolution is not infallible.

Re:Privacy Schmivacy (1)

edhall (10025) | more than 13 years ago | (#2187948)

Actually, there is a way that is both better for privacy and for safety. Require a brief test of coordination and attentiveness before the driver can get behind the wheel. If they fail, they get sent home, no questions asked. A driver is allowed a small number of failures over a given number of days/weeks/months before his/her "employability" is reviewed.

Such tests have been developed, and they do work -- except that they also detect drivers who are too tired, or sick, or emotionally upset, or whatever, and that ends up losing money (on sick time, substitutes, etc.) for the company. So it's generally not done.

-Ed

Something to consider (1)

ehintz (10572) | more than 13 years ago | (#2187949)

I support the right of my employer to rummage through my mail. They own the hardware, software, infrastructure, etc. as was noted by others above. There is one other consideration however. If you are unhappy with the frequency in which your employer exercises this right, quit. I currently work for a company where although we have the right to do this, we choose not to exercise it except in extreme circumstances. Frankly, if your company's PHBs are doing this, they're certainly abusing you in other ways as well, and it's time to find some better PHBs. They do exist-I work for some of them. But you have to be skilled to be hired by them, and you have to be persistent to find them-they don't hire as often because there is little turnover. It may not be easy, but I assure you the rewards are worth the effort.

Regards,

Re:Why should you expect privacy at work? (1)

ethereal (13958) | more than 13 years ago | (#2187952)

Um, that's exactly how it works. If you write down an innovative new idea with pen and paper while at work, then your company probably owns that idea (unless you got a very liberal employment contract past them). Many companies even claim ideas that you have on your own time at home.

Remember: it's a "Microsoft virus", not an "email virus",

Re:Urine sample (1)

ethereal (13958) | more than 13 years ago | (#2187953)

One happy note: my company appears to have abandoned random drug testing because of the urgent desire to cut costs right now. I'm not sure why they were doing it in the first place if it wasn't worth it, but I'm not complaining too hard.

See, the slowing economy does have a silver lining :)

Remember: it's a "Microsoft virus", not an "email virus",

Re:Urine sample (1)

ethereal (13958) | more than 13 years ago | (#2187954)

Heck, I knew a guy in school who always coded better when somewhat sloshed; I could see how someone would do better work when high. I'm not too crazy about that person toking up and then immediately driving to work, but I agree with you that what you do on the weekend in your own home is really nobody else's business.

Of course, I don't think it's the government's business either, at least until you start holding up 7-11's to get money for your habit.

Remember: it's a "Microsoft virus", not an "email virus",

Re:Why should you expect privacy at work? (1)

ArsonSmith (13997) | more than 13 years ago | (#2187955)

It's not your T1 (DS3...)
It's not your router
It's not your firewall
It's not your switch
It's not yout hub
It's not your CAT5
It's not your jack
It's not your server(s)
It's not you computer (laptop)
It's not your mouse
It's not your keyboard
It's not your software (maybe it isn't even your companies!)


With my current stock options it is partly mine. I own a portion of the company I work for. I also own stock outside of options.

It mus be pretty sad to have a job that you put in 40 hours work and get 40 hours pay then go home never to think about it again untill next week. I like my job and enjoy it greatly. If your employee/emplyor relation ship is a work/pay only relation ship then you are not a valuable employee and probly should be fired for surfing and not working 100% of the time. I work an easy 60+ hours a week with some surfing and such in between work spirts. Most all surfing i do is browseing documentation and reading slashdot. both i think help me in my quest to better the company for education and social research.

Phones? (2)

Mike Schiraldi (18296) | more than 13 years ago | (#2187956)

Let's look to telephones for an analogy. Is it legal for your employer to monitor your personal telephone calls made from work?

(I don't know; is it?)

Re:PGP Mail against the rules? (1)

sys$manager (25156) | more than 13 years ago | (#2187957)

That's totally understandable, and actually something I hadn't thought about. There are, however, a large number of other ways in which to send confidential documents to competitors (i.e. on dead trees), and if you're not allowing PGP because you're worried about that, you've got the wrong employees. :)

Re:PGP Mail against the rules? (1)

sys$manager (25156) | more than 13 years ago | (#2187958)

That makes a lot of sense then, I would have to agree with the rule in such a situation.

Re:PGP Mail against the rules? (1)

sys$manager (25156) | more than 13 years ago | (#2187959)

Your comment (and your company policies) are exactly what the article and paper are discussing.

"The present concept permits -- and even encourages - 'Big Brother' searches," wrote Judge Rosenbaum. "... just as an employee does not surrender all privacy rights on the company's premises, so they should not be automatically surrendered on the company's computers."

You don't have the right to search my wallet (or purse, for those so inclined) when I come to work or go home through the door, so why can you search my personal email just because it goes through the server?

I don't agree or disagree with any of this. I haven't had enough time to form an opinion yet. That said, these are the questions that are the issue in this case.

PGP Mail against the rules? (2)

sys$manager (25156) | more than 13 years ago | (#2187960)

The worst thing I have heard in regards to this is an employer who fired an employee for using PGP on their company system. It was against the rules, so I understand the firing, but the rule is wrong. I should have the right to send encrypted mail from work if I feel like it. I wouldn't get in trouble if I wrote an encrypted letter using a one-time pad or something. I use PGP for my email at my job all the time (to mail the SO).

Re:The problem (2)

gmhowell (26755) | more than 13 years ago | (#2187961)

I got an Ask Slashdot posted [slashdot.org] about a year ago. I asked how to protect my company while still allowing some freedom and privacy for employees.

Slashdot didn't get it then, and they don't get it now.

Probably because of the duality of Slashdot members. On one hand, a bunch of neo-hippies, high-school/college students, and disgruntled cubicle drones who want everything and fuck the company. On the other hand are fearful middle managers who immediately scream "call the lawyers".

This is nothing new. Move along, move along.

Re:So What? (5)

PigleT (28894) | more than 13 years ago | (#2187962)

You appear to be avoiding half the issue.

When you're at work, you're still you, you're just on work's premises using their gear. You have to respect *both* halves of `still you' and `their gear', though. This is why it's give and take: the only sensible kind of policy I've seen is one that says `we won't snoop and you won't waste resources'.

There's no need to get all stuck on one extreme ("it's the employer's gear!") or another ("you have privacy rights!") when there's a common-sense fair middle of the road to be taking.

Next issue please? ;)
~Tim
--
.|` Clouds cross the black moonlight,

Re:PGP Mail against the rules? (1)

crash^ (31297) | more than 13 years ago | (#2187963)

where i work we are not allowed to use encryption whatnots. i dont remember the exact wording but it's still bothersome. over all i dont mind, since everything is pretty lax. i just make sure i get what i need to get done and theres no problem.

Ummm, (2)

Unknown Poltroon (31628) | more than 13 years ago | (#2187964)

So i guess you own every piece of equipment between your desktop and slashdots server. Wow.

Re:PGP Mail against the rules? (2)

cr0sh (43134) | more than 13 years ago | (#2187966)

In theory, I could walk out of my employer's office with a few ZIP disks filled with their code.

But why bring a ZIP drive to work when I can go down to supplies, grab a box of CD-Rs, find a machine with a burner, and burn away?

The whole issue is trust - I trust them not to watch me, and they trust me not to use their own equipment to scam code...

Worldcom [worldcom.com] - Generation Duh!

Not big brother...everybody! (2)

BubbaFett (47115) | more than 13 years ago | (#2187968)

Working at the University of Georgia, everything that isn't security or trade secret related on my computer is public record. Anyone submitting the proper request can get anything I store on my machine.

No Warning? (3)

jyuter (48936) | more than 13 years ago | (#2187970)

Whatever happened to this bill [slashdot.org] which would force employers to inform the employees of their e-mail reading policies?

It's hard... (3)

Palshife (60519) | more than 13 years ago | (#2187972)

...to distinguish privacy related issues when talking about a corporate network. After all, the only real reason a company will give you Internet access in your office these days is because more and more business applications require it. Therefore companies expect a certain level of usage discipline from their employees.

Of course, I dont know if my boss would appreciate me using my work time to post to /. , so i'll be going now...

So remember: Excel Spreadsheets are okay. All Your Base/Porn is not.

No online privacy at work? (3)

SirSlud (67381) | more than 13 years ago | (#2187973)

Sigh ... I guess it's back to those paper-and-staples porn publications when I'm waiting for a client to call!

nice to see the NYT criticizing itself.. (1)

spasm (79260) | more than 13 years ago | (#2187976)

"In his article, "In Defense of the Hard Drive," Judge Rosenbaum cited an example of what he thought to be an overly broad search -- a 1999 probe by The New York Times Company of employee computer records at its office in Norfolk, Virginia"

So What? (1)

ArcadeNut (85398) | more than 13 years ago | (#2187979)

When you're at work, you should be WORKING. If you don't want the company to find out about it, don't do it at work. Simple? Yes?

You would think that this would be common sense.

Oh Yeah, most people lack common sense...

Er... Actually... (2)

Greyfox (87712) | more than 13 years ago | (#2187980)

It is my mouse. The one the company gave me sucked, so I brought my own one in.

It is my headphones and palm-pilot cradle, too.

Re:The problem (1)

nublord (88026) | more than 13 years ago | (#2187981)

Probably because of the duality of Slashdot members. On one hand, a bunch of neo-hippies, high-school/college students, and disgruntled cubicle drones who want everything and fuck the company. On the other hand are fearful middle managers who immediately scream "call the lawyers".

Maybe you should change the beginning of the first sentence to read:

Probably because of the duality of Slashdot posters.

Don't judge the whole heard based on what a few percentage say.

rabtech does have a point. Businesses have to protect themselves from rabid lawyers. Businesses also have to give workers privacy. The hard part is going to be finding the middle ground between reasonable use (of computers) and reasonable privacy (of workers).

False expectations of privacy (4)

pongo000 (97357) | more than 13 years ago | (#2187982)

It really doesn't matter that the corporate world doesn't believe in on-line privacy. It's a moot point: Any expections of privacy are folly unless attempts are made to somehow obfuscate the data being transmitted. It's really as simple as that. Articles like this simply support this idea. Obfuscation (through encryption or whatever) is the key to the problem.

These kinds of articles aren't even really news, in the sense that corporations will always have the upper-hand in terms of employee "privacy." People need to get used to the idea, and circumvent the problem instead of simply bitch about it.

Be glad he's a judge, and not a sysadmin (3)

John Murdoch (102085) | more than 13 years ago | (#2187983)

This is yet another example of why we should require licenses to use computers. Because that way we would not be pestered with idiots like Judge Rosenbaum and silly notions like the "cyber time-out."

This sounds great. And I'd bet that this will dramatically improve Judge Rosenbaum's standing as a with-it, 21st-century judge. No doubt he'll be assigned the next DMCA-related case to surface in his circuit, and he'll be asked to speak on this issue at state bar conventions across the Midwest.

This would be a catastrophe. This lunacy must be stopped before it gains the slightest credibility in any circles, anywhere. (And no, I am not kidding.)

Example #1:
Quick quiz: what's been the big computer story of the week? Right--the SirCam virus. Well, lessee. Suppose you're the network sysadmin for the U.S. Court of Appeals in Minneapolis. You have been infected by the SirCam virus, which is wreaking havoc on your email system (and sending random files from your users desktops all over the Internet). How can you stop it?

"That's a no-brainer," you say. "I just identify the infected machines, isolate them, and remove the virus." Bzzzzt! Wrong! You see--you can't remove that virus from that machine. It's the computer used by a moron circuit court judge who has propounded the theory of the "Cyber Time-Out"--72-hour notice of an intent to search the computer, in which you must specify the exact files you intend to review. (More on that delirious bit of nonsense below.) So for the next 72 hours, after you have identified that the problem is Judge Rosenbaum, after you have identified the specific files that are causing the virus, after you have jumped through the hoops that define "proper notice" (what? he's on vacation? with no phone number?) and after he has had recourse through the courts to prevent that search, you finally get the chance to address the virus.

And what, pray tell, do you do if the yutz decides to get really stupid and insist that he won't let you search the PC, because he doesn't think he has a virus. And what happens if he manages to convince some lawyer and/or a judge to agree with him, and gets an injunction against you?

Example #2:
You are the Vice President and Legal Counsel for a major corporation. Your counterpart at a competitor calls you, and follows up with a document sent by messenger. One of your sales managers has been negotiating for a position at your competitor, and has gratuitously offered extremely confidential information as a show of his enthusiasm for his new employer. (You might think that the competitor would say, "eureka! we have the secret plans!" but it isn't true. The legal consequences of getting caught are horrendous [and can include jail time]. Standard corporate practice is to return competitor secrets as quickly as possible, using publicly-documented methods.)

What do you do? You call the network admins and tell them that you want the bozo's network passwords changed immediately, and you want his machine seized. Who knows what other corporate secrets this guy has handed out?

Bzzzt! Sorry! The bozo in question has a lawyer, and the lawyer has been reading The Green Bag. And the lawyer has read this cockamamie theory about a "cyber time-out" that requires you to a) notify the employee about a search 72 hours in advance; and b) specify the exact files you wish to view. The "Rosenbaum Rule" (coming soon, to a courtroom near you) explicitly frowns on general searches--you can't just go fishing on the fellow's hard drive to see if he's doing something nefarious.

Rosenbaum's Tautology
Beyond the practical problems that I have raised above, Judge Rosenbaum's proposed "cyber time-out" includes a "reasonable" provision that effectively prevents any search of an employee's hard drive at all. Rosenbaum specifies two (really three) tests:
1. The employee must be notified 72 hours in advance;
1a. The employee must be properly notified (and what constitutes proper notice will be litigated for years); and
2. The employer must specify which specific files are to be searched.

That's a tautology: you can't search the hard drive unless you know the names of the specific file you're looking for; and you can't know the specific file you're looking for unless you search the hard drive. Think of the SirCam virus again (or just snooping in the employee's email). Lots of email clients (including Microsoft Outlook, the most commonly-used MUA) permit you to specify the name of the file where mail is stored. If the user changes the file name from the default (say, to "porn_drugs_terrorism.pst") the employer has no way of knowing the file name. And hence cannot properly inform the employee of a search--so the employee cannot be searched.

Is Rosenbaum that dumb?
Ask yourself. Is Judge Rosenbaum really so stupid as to not realize that his oh-so-reasonable "cyber time-out" effectively prevents employers from searching employee hard drives at all? I honestly don't think so. Lawyers get through law school by learning to carefully understand the meaning and implication of every word: and to write contracts (and legal journal articles) that carefully exploit the full meaning of each word. Rosenbaum isn't just a lawyer--he's a judge. He isn't just a judge, he is a federal judge; and he isn't just a federal judge, he is an appellate court judge. He didn't just write this article on the back of an envelope--he wrote it for a legal journal, hoping to promote a new legal theory. His clever little tautology is intentional: you can't search the hard drive unless you know the file name. And you can't know the file name unless you search the drive. (Question: what's the file name on a boot track virus?)

Bottom line:
This is a really, really, really bad idea.

Re:Absurd privacy invasion (1)

ClarkEvans (102211) | more than 13 years ago | (#2187984)

Get a cell phone
Yes, but what about the air in the office you are transmitting through!

Re:Privacy Schmivacy (1)

dsginter (104154) | more than 13 years ago | (#2187985)

Surf from home securely from work!

Get VNC or PCanywhere. There's no way in hell that they can monitor that! (Famous Last Words)

News: Technology Solves the Problem (1)

rkasper (114894) | more than 13 years ago | (#2187986)

In related events, smart people noted that it's possible to encrypt your email channel and your web channel. These smart people mentioned tools such as ssh, and commented that they work.

Re:News: Technology Solves the Problem (1)

rkasper (114894) | more than 13 years ago | (#2187987)

Um, surely you've heard of communication channels, haven't you?

From Merriam-Webster's definition of "channel": 1d : a means of communication or expression: as (1) : a path along which information (as data or music) in the form of an electrical signal passes (2) plural : a fixed or official course of communication

Re:Absurd privacy invasion (2)

blazin (119416) | more than 13 years ago | (#2187988)

Rent a porta-potty. Make all personal poos in the porta-potty.

You have a right to privacy (3)

burris (122191) | more than 13 years ago | (#2187989)

The way the law works, the Electronics Communications Privacy Act and famous precident such as Epson, neither your employer nor anyone else can go through your stored communications if you have a reasonable expectation that they are private. The deal is that pretty much every company has an explicit policy stating that you should have no expectation of privacy on their computing equipment. They have lawyers that tell them to do this because of laws such as ECPA

If you don't like it then get your company to change it's policies. By and large most companies don't tap their employees phones because the management would never want their own phones tapped. However, it's easy to spot an employee who is abusing the phone equiment (they are constantly chit-chatting). With computers it's easy to divert them to your own benefit without others easily noticing. For this reason I wouldn't expect companies to change their policies any time soon.

Burris

privacy and work (2)

geekoid (135745) | more than 13 years ago | (#2187991)

I understand its there computer, network, etc,etc...
If companies want more hours out of there employee's, then the employee's will need to use the internet to take care of private matters.
In the real world, many thing that need to be taken care of need to be done during the same time as work. If my emlpoyer wants me to handle the medical affairs of my family from the office, then they had better not be snooping on me, especially with out reason to believe I'm doing something wrong.
we're not just talking about porn and games here, we're talking about the way things in ones life need to be taken care of, and the reasonable privacy someone should recieve from there employers.

Signing your life away (3)

Kondoor (135852) | more than 13 years ago | (#2187992)

At the company that I work at, each and every person we hire must sign a disclosure saying the company has the right to read everything they email, monitor there network traffic and listen to there phone conversations. If any of these actions are taken upon an individual, it is recorded by HR. Being the network administer where I am employed, I have had to do the search and seizure of network traffic, internet and lan based and retrieval and review of serveral empolyees email. I can't say I like doing this, besides the fact it is a pain in the ass, I always find out things about my fellow co-workers i really don't care to know about. I think the way the judge is looking at giving a 72 hour timeframe with notice to the employee is a good idea, would allow people to clean up there act a bit.

Re:PGP Mail against the rules? (1)

kitmarlowe (136925) | more than 13 years ago | (#2187993)

It's simple. Using PGP you could easily send
confidential company documents out of the company
to a competitor.

Re:PGP Mail against the rules? (1)

kitmarlowe (136925) | more than 13 years ago | (#2187994)

Well, we have about 500+ employees in multiple
states, many of whom are short term employees
dues to the business my company is in. We have
two major competitors who routinely poach our
sales-people so they can get their client lists.
Sending data to competitors is a big deal for
us, as we are in financial services and could
easily be held liable if financial information
was sent out.

Re:Absurd privacy invasion (2)

fleener (140714) | more than 13 years ago | (#2187997)

How is my employer seeing me naked any different from my doctor knowing I have a certain illness (say, a really embarassing ailment)? You're making an arbitrary judgement over degrees of privacy. That's important because once the law recognizes the issue as arbitrary, it will begin returning rights to the citizenry.

I consider my personal conversations about personal life and personal problems to be just as important as what my body parts look like or the sounds they make.

Absurd privacy invasion (4)

fleener (140714) | more than 13 years ago | (#2187999)

In my office, if I make a telephone call to my doctor to arrange a medical appointment does my employer have a right to invade my privacy by listening or recording my conversation simply because my employer owns the phone? That's absurd. Does he have a right to videotape me in the bathroom because he owns the toilet and pays the water bill? That's absurd.

It is reasonable to expect a certain level of personal activity and communication while on the job. E-mail and web use should be no different.

Re:False expectations of privacy (2)

dazed-n-confused (140724) | more than 13 years ago | (#2188000)

It really doesn't matter that the corporate world doesn't believe in on-line privacy. It's a moot point: Any expections of privacy are folly unless attempts are made to somehow obfuscate the data being transmitted. It's really as simple as that.
If you think your corporation will be any happier with you when you are sending indecipherable, encrypted data from your workplace, you must work for a very stupid corporation indeed. (Or one which possesses no valuable information of any kind, which is much the same thing).

Just think about it for a few seconds...
People need to get used to the idea, and circumvent the problem instead of simply bitch about it.
You don't like your corporation's acceptable usage policies? Get a job somewhere else. Your sysadmins should have professional ethics, but transmission of encrypted data streams from the workplace is going to be a big no-no in anyone's book.

Re:DMCA to the rescue! (2)

dazed-n-confused (140724) | more than 13 years ago | (#2188001)

If you encrypt all your email and use SSL for all communications, then as long as the DMCA stands, your employer can't spy on you without a jail sentence. People need to start encrypting things, not just your secret stuff, everything.
How do you imagine your employer will determine that it's your "secret stuff," and not his , that is streaming out of the building?

Re:One thing left out here. (2)

dazed-n-confused (140724) | more than 13 years ago | (#2188002)

Maybe everyone should use PGP at work?
Your company has valid business reasons for wanting to monitor traffic that passes across its network. Encrypted traffic which the company cannot monitor is not going to be acceptable. Just think: how will you prove to that disciplinary hearing that it wasn't you who emailed those corporate secrets outside the company?

Why do you expect privacy and secrecy, when you are using your employer's computer equipment on company time? ("No, boss, I'm not going to tell you where I am, or what I'm doing, or where I'm sending post, or what's in it. You don't need to know...")

One thing left out here. (4)

www.sorehands.com (142825) | more than 13 years ago | (#2188003)

What about searchs done to find an excuse to fire someone?

In this type of situation, an employee complains of harassment/discrimination/retaliation and the company then searchs their computer and finds an email to a sick father and then fires the employee for using the computer for personal use. Or, after the person is fired, they seach the computer and then gives that reason for the termination.

The Supreme court that after acquired evidence cannot be used to justify termination, but says nothing on an investigation being a form of retaliation. That an investigation was done because a complaint have been made.

Maybe everyone should use PGP at work?

take it or leave it (1)

avandesande (143899) | more than 13 years ago | (#2188004)

I think that companies should be able to have any privacy policy like. However, the company should be required by law to state their privacy policy completely and accuratly. If you don't agree with it, go somewhere else.

It stops illegal activity!! (1)

pjbass (144318) | more than 13 years ago | (#2188005)

I don't like the whole idea of "breach-of-privacy" or anything like that, but a company needs to protect itself, and needs to protect its investments. A company pays for internet access, alpha pagers, corporate email systems, and is liable for what passes through them. Much like an ISP is liable for a stupid person who subscribes to them launching a full-scale DoS to a remote site. The ISP is held responsible initially, before an investigation takes place to find the culprit.

I guess the point is that if what you did and what you sent WAS considered private, then the whole antitrust case against MS would never had materialized. There were very strong words used between Mr. Gates and his executives, naming illegal practices in marketing and sales. The strategies that were used by MS to attempt purging Netscape from the market would never have had full-blown evidence if their email was considered private. How else is a corporation supposed to hold itself responsible and liable for what it and its employees do? If they do not assume the responsiblity, then who takes the blame?

It just makes no sense that a person can use a service that they are not paying for (internet, cell phone, pager, etc.), and expect that the person serving them that service and PAYING for that service will not expect to cover their bases and make sure they are not held responsible for illegal conduct or activity. And if this is flamebait, I apologize, but like other people said, if you want to do "questionable" things, like surf for porn or download mp3's, etc., just do it at home. You suck it up and take the responsibility.

Re:Privacy at work?! (1)

silicon_synapse (145470) | more than 13 years ago | (#2188006)

Perhaps you're not wasting company resources, but you are using them. They have every right to know exactly how their equipment and resources are being used. You have no right to expect that you can use company property as if it were your own whether you're on a break or not.


--

Why should you expect privacy at work? (3)

ellem (147712) | more than 13 years ago | (#2188009)

It's not your T1 (DS3...)
It's not your router
It's not your firewall
It's not your switch
It's not yout hub
It's not your CAT5
It's not your jack
It's not your server(s)
It's not you computer (laptop)
It's not your mouse
It's not your keyboard
It's not your software (maybe it isn't even your companies!)
None of it belongs to you
They ARE paying you (even if you don't like what they're paying you)
Most Sys Admins don't give a crap if you send your (insert personal contact here) an email or two about how your day is going.

I have a real simple rule for my users. Don't send anything via email that would make a nun blush.

In the world of electrons, 1s and 0s and RECOVERABLE information you have to be out of your friggin mind to expect privacy of any kind!

---

Re:Privacy at work?! (2)

Pxtl (151020) | more than 13 years ago | (#2188012)

I am entitled to a 1 hour lunchbreak and two 15 minute paid breaks (usually termed smoking breaks, but I don't). I often surf on these breaks. My business has bandwidth out the yinyang, and the computer I use will just be sitting there if noone's on it. Therefore, I am not wasting company rescources. That time is my time. So, why should they care that I'm reading erotic stories?

Re:False expectations of privacy (1)

Xiphoid Process (153566) | more than 13 years ago | (#2188013)

I agree, but unfortunately my boss probably wouldn't and would probably have grounds to fire me if encrypted all my communications... we need legal justification for our privacy so that we can secure it like you suggest but with legal impunity.

Re:Expectations (1)

haplo21112 (184264) | more than 13 years ago | (#2188020)

We had similar incidents here, one or two inwhich guys were caught with porn, the machine was seized(it was one in a common area but with profiles enabled so we could tell who was doing what) replaced with an Identical machine, and then searched for evidence. We also had a guy get caught dispersing trade secrets via AOLIM, about an as yet unreleased product, he got canned as well.

Expectations (3)

haplo21112 (184264) | more than 13 years ago | (#2188021)

personally I have never considered that I would have privacy in the work place I will probably take a Karma hit for saying so, but seriously your there at work to work. If your doing something besides working(goofing off, flirting, looking for your next job, whatever) then expect to get slapped for it. Maybe I just have screwed up work ethic, but if they are paying you the company that you work for should be able to expect you to be doing something that benifits them, not browsing the lastest porn site. If you want to do those other things on a break/lunch then go away from the company to do it.

Re:PGP Mail against the rules? (1)

wobblie (191824) | more than 13 years ago | (#2188023)

No, you shouldn't. You are using the company's computers to send a message over the company's networks. That equipment does not belong to you; you do not have the right to do anything with it that the company does not explicitly allow.

Well I disagree.

You have no right to privacy when using company equipment. When I pay for your time and own the equipment, I reserve the right to monitor how you use it.

What you don't understand is that is your employees labor that paid for "your" computers, not you. Handing a paycheck to someone does not give you any moral right to run roughshod over their lives or control them in any way, and although your company's policies seem reasonable, your attitude is annoying, to say the least.

--

Re:Privacy Schmivacy (1)

ichimunki (194887) | more than 13 years ago | (#2188025)

I wasn't trying to be ironic, and I don't know how you interpreted what I said as supporting drug testing-- I am firmly against it for any job.

And no, customer service workers are not white collar-- white collar means management or professional work, which does not include clerks, cashiers, call-center operators, and the like. At least these jobs are no longer what I would consider white collar, nor would I consider them blue collar, they are currently workers-without-collar-color. Maybe that's because their uniforms often don't have collars.

Re:Privacy Schmivacy (1)

ichimunki (194887) | more than 13 years ago | (#2188026)

It's pointless, that's why. Unless they have an instant drug test each morning before and a breathalyzer that must be passed before the bus will power on, it's pointless. There are a good many legal and illegal drugs that may or may not be detected. Also, unless they've fixed the problem, eating poppy seeds can trigger a false positive on some tests. So if we give you the test when you're hired, what's to say you just haven't been able to afford drugs, you being unemployed and all, but now that you're getting paid you go buy an eighth and start sparking up on the weekend.

Did I mention that in addition to invading the privacy of the persons in question, it's pointless? :)

Re:Privacy Schmivacy (2)

ichimunki (194887) | more than 13 years ago | (#2188027)

It's not just surfing, it's sending email to family/friends, and I suppose other things. Even so, the question isn't really whether you are spending time on it (most companies won't fire you for a little personal surfing/email, just like it's often okay to make a personal phone call), it's whether you have any right to privacy while doing it.

Personally I think it's laughable that white collar workers in large corporations would expect privacy (and a host of other comforts) that customer service workers in the same company have no chance of getting-- or that any reasonable adult would tolerate some of the things some corporations try. I mean, some of these companies actually require you to submit your bodily fluids before taking a desk job. Talk about an invasion of privacy!

MUTT (1)

zoftie (195518) | more than 13 years ago | (#2188028)

http://www.mutt.org
http://www.gnupg.org

learn them and your communications will be secure
and private and authenticated. Be sure to put
a passphrase on your key(s). Use https whenever
possible.
p.

Re:Privacy Schmivacy (1)

soulflakes (197287) | more than 13 years ago | (#2188029)

Anything can be monitored. ANYTHING. I have the ability to remotely view up to 255 users' workstations screens at one time. Without them knowing... I usually don't view anyone unless we suspect something. Just remember, company owned equipment is just that...company owned..you have no rights.

Easy answer... (2)

graveyhead (210996) | more than 13 years ago | (#2188031)

Use safeweb [safeweb.com] , or a similar secure proxy. Let them snoop all they like, but it will be a cold day in hell before they figure out where you've been surfing ;-)

Looking up porn again? (2)

Sheepdot (211478) | more than 13 years ago | (#2188032)

"You have no right of privacy in on-the-job online communications."

Maybe it is just me, but I have a job to get paid. My "communications" are usually not done on the job, and the ones that *are* done on the job are specifically related to my job.

There is substantial evidence that the people who are too often *not* doing job-related work on the job usually are employees that have the lowest performance evaluations anyway.

This leads me to believe that companies are wasting time monitoring what their employees are doing online, as they will often end up showing poor performance in the near future anyway.

However, I ardently *disagree* with anyone who says that companies "should not be allowed to do this". It is completely acceptable for a company to want to ensure that employees are staying on task, not commit crimes online for which the company would be responsible, and aren't disrupting other communications needed for the company network.

If you don't like your boss looking around your shoulder, go elsewhere. And don't give me BS about every company monitoring employees, some of the best paying jobs are offered by companies that *don't* monitor.

Eventually what will happen is that the issue will turn into what we have for phone usage, companies that care about whether or not you use the company phone on company time will be the ones that care if you use the companies Internet on company time.

Re:Urine sample (1)

DreamingReal (216288) | more than 13 years ago | (#2188034)

Of course it would have to be an economic reason, rather than a moral one. I was actually referring to the pre-employment drug screening but what you had to endure was even worse! Even though I find it a loathsome practice, there are occasions I can understand it to be a good policy (e.g. those who operate machinery). But for me to go through a drug-screening so I can hack out crappy JavaScript and JSP code? Then it just becomes a blatant inquisition of my weekend behavior. It smacks of the worse aspects of this unholy War on (Some) Drugs our government wages against it's own citizens.


-------

Urine sample (2)

DreamingReal (216288) | more than 13 years ago | (#2188036)


As long as corporations require me to go in a cup so they can search my piss, I will consider my right to privacy to be dead, regardless of whether they check their firewall logs or not.


-------

Re:DMCA to the rescue! (1)

hearingaid (216439) | more than 13 years ago | (#2188037)

In Berne Convention countries (which includes the United States, and has since 1988 I believe), everything you write is automatically copyrighted, merely by your act of creating it.

This has included letters in the past.

In other words, private email you send is (probably) copyrighted as a matter of course. There'd be an implied license allowing delivery servers to copy it for the purposes of delivery, but that would be it.

I don't know of any rulings before the courts on this yet, but it's bound to happen, and I think that's what'll happen.

So in other words, yes, the original poster would be right. Encrypt your email, and anyone who decrypts it without your permission is decrypting a copyrighted item. Oops.

A lot of Americans haven't yet fully grasped the Berne Convention. Before the U.S. joined the Berne Convention, it was a registration-only copyright system, where in order to get a copyright on something, you had to register it, while the rest of the western world used optional registration.

Re:Encryption? Pray for a dumb employer ... (1)

hearingaid (216439) | more than 13 years ago | (#2188038)

A lot of employers, especially the kind with a lot of employees, will not search individual employees' email as a matter of course. What they will do is run keyword searches on everybody's email. PGP defeats that.

Also, it stops them from digging through your email and finding cause for dismissal there, though it will make them suspicious.

And finally, one never has to pray for a dumb employer. They grow on trees. See the nearest PHB.

Re:Double-edged dword (1)

hearingaid (216439) | more than 13 years ago | (#2188039)

heh. dword?

look everyone, it's 32 bits with two edges! :)

Not sure what to think... (2)

sfe_software (220870) | more than 13 years ago | (#2188041)

I'm not sure I see it this way. It seems to me that using the office PC/network is no different than using the office phone/line. If you make personal calls (toll or otherwise), management will certainly want to know about it. They may or may not want to monitor such calls, and while that is pushing the limit in my book, it seems that it should be their right. Maybe disclosure on this policy should be required though.

So with monitoring/restricting your 'net access, it's their equipment/bandwidth, and I don't see why they shouldn't be allowed to monitor what you do. Reading your email is, again, borderline (IMO), but still, maybe with proper disclosure, it should be their right.

Now, as for the issue of creating distrust and causing other problems in the workplace that another poster mentioned, I fully agree. Really, if an employee needs to be monitored, he or she probably doesn't need to be there at all. Then the rest of us can read /. when appropriate without worrying about it.

With that said, I wouldn't work for a company with such strict policies, or for one who monitored such activity. That's my right, I don't have to work there if I don't like their policies -- just as it should be their right to *have* such policies, if they can get anyone to work for them. I'm not disagreeing that this type of monitoring sucks, I'm only disagreeing about whether the company has the right to monitor such activity.

- Jman

The problem (5)

rabtech (223758) | more than 13 years ago | (#2188042)

The major problem is that courts have held companies liable for their employee's conduct, even when that conduct is against company policy. Therefore, we MUST scan our email for anything that could be remotely deemed offensive, or we risk being sued. If we choose to respect privacy, then we open ourselves up to massive liability.

We need laws protecting employers from liability if an employee refuses to report misconduct. Then we could do away with some of the scanning and observing technologies we have (which cost us quiet a bit... many thousands.) If someone receives an offensive message, reports it, and nothing happens, ONLY then should the company be responsible for it. But the way the courts have ruled up to this point, simply not performing active scanning of email is an admission of guilt.
-- russ

i've got it made (2)

unformed (225214) | more than 13 years ago | (#2188043)

i work for a company that makes monitoring software. My job: go on the internet, go to lots of sites, talk to people on AIM, ICQ, etc. read and write lots of email and all i have to do is make sure everything gets recorded. lovin every minute of it ;)

Re:Absurd privacy invasion (1)

alen (225700) | more than 13 years ago | (#2188044)

Get a cell phone. I make all personal calls via cell phone.

Computers vs Pencil, paper and a file cabinet (4)

hillct (230132) | more than 13 years ago | (#2188047)

Judge Rosenbaum makes some interesting points in his article, however one that seems to have ben missed is the difference between computers and any older technique for information storage.

No one would object (in a legal sense) if an employer chose to open the file cabinet next to an employees desk and examine the documents within, as these documents would probably be considered property of the employer.

How is that different than examining the documents on the computer the employer has provided for my use durring my employment? Well, in several key areas: first, computers are much more versitile than the file cabinet in that they have the capability to perform thousands of operations that the paper and pencil would not facilitate (like web serfing for the purpose of evaluating reviews of an OSS version of a product competing with that of my company), as wel las many others from communicating with my son, to buying groceries if I so choose. Some of these activities are work related and some are not.

Searching the computer becomes less like riflingthrough the file cabinet and more like searching the company car which I drive to work in every day. While it does belong to the company, it is a common practive for me to use it for non-work relatd personal activities like picking my son up from soccer practice (which is why there's a Power Rangers toy in the back seat).

The point is, when employees are given tools with vast flexibility and power then employees are given a certain level of responsibility to behave appropriately. By extension the employee is also given a level of autonomy to use the device (wether it be a computer or a car) in a manner he sees fit. Judge Rosenbaum suggests that the grant of this authority to the employee comes with a set of additional rights to privacy with respect to the device/tool in question.

If my employer did not trust me I would be provided with a paper and pencil, with which I could perform no other function than my specified job function and no-one would have any problem with the employer viewing the documents I had created with the pencil over the course of the work day.

The proposal here is: With the grant of powerful devices such as computers to employees, comes a grant of authority, autonomy and privacy with regard to the use of such devices.

--CTH

Using PGP at Work (1)

Max Entropy (239730) | more than 13 years ago | (#2188048)

Suspicious that my online communications were being monitored (esp. as regards criticism of management), I actually installed PGP at work. We have a keyring of about six people and it enables us to vent freely online without threat of retribution. The ring had to deinstall its PGP apps recently to get around a third-party security audit, but we'll be reinstalling as soon as the audit is through. This has worked fine and it has made the rank-and-file employees breathe a lot easier.

I can hear it now.. (1)

Squarewav (241189) | more than 13 years ago | (#2188049)

&ltsarcasm&gtbut, like, its our RIGHT to surf the web download porn and play games, I dont care if like im being paid to work its my right to slackoff waisting valuble company time and bandwith, its Information! it wants to be free!&lt/sarcasm&gt
this isnt new people you pritty much lose your right to privacy when your no longer in a private place private places are basicly limmited to house/apartment and public restrooms(for the most part)

Re:Expectations (1)

bahtama (252146) | more than 13 years ago | (#2188050)

We had some schmuck who called me in because his computer kept telling him he was out of disk space. Turns out Outlook Newsreader was keeping ALL the stuff from the newsgroups he read. Basically all the a.b.p.e newgroups, he had GIGS of this stuff. But since it wasn't bothering anyone, there was no illegal stuff and he got his work done, we didn't do anything except to tell him to tone it down.

Sidenote: His keyboard was always really sticky, I always washed my hands after working on that computer. I think he drank alot of soda, but it's still funny considering his "disk space" problem. :P

=-=-=-=-=

Re:Expectations (2)

bahtama (252146) | more than 13 years ago | (#2188051)

I totally agree, people now want anything they want while at work, personal email, phone calls, napster (napster? what's that? :P), IM, pr0n. And they want all this in total privacy.

As a sys admin, I was on the panel that decided our company's policy. Basically, as long as you don't offend anyone and it doesn't mess with you getting your job done, we let it go. Most of the time is works out nice. We have had a problem with two ladies who were on Yahoo messenger ALL the time. Their boss had to have a talk with them and if they had continued to excessively use chat and not get their work done I would have had to not allow them to run it anymore.

Also, we had someone send a racist remark from their email and we busted them. If something like this happens or the feds walk in my door with a warrent, we will go through user files. But if a boss type comes in and wants to see what Mary is emailing during the day, I wouldn't let them view the files. This has only happened once and I went to HIS boss and explained it and the guy got in a little trouble.

You have to remember that your company is paying big bucks for your desk, office, computer, T1, etc. They expect you to get your work done and they expect you not to be planning fertilizer bombs or giving away trade secrets while you are supposed to be working.

=-=-=-=-=

Re:Simple concept (2)

Qrlx (258924) | more than 13 years ago | (#2188052)

The company owns the equipment that you're using

The phone company owns the wires that carry your conversations. So I guess they have the right to "listen in," since you're using their equipment?

It's not quite that bad, yet, but the courts have ruled [kscourts.org] the the phone company has the right to sell your phone records; i.e. who you call, how often, and so on. This got some coverage [epic.org] on EPIC [epic.org] , where somebody did their homework and linked to these articles on Wired [wired.com] , MSN [msn.com] , and The New York Times [nytimes.com] .

Back to the issue: The boss, who "owns your time," wants to make sure he's getting all he's paid for. What's next? No posting of Dibert cartoons on your cubicle, since your co-workers will waste precious man-hours chuckling? No newspapers in tne bathroom, since they tend to encourage extra-long bathroom breaks? No more decaf?

I'm not saying that companies should or shouldn't have an absolute right to record your phone calls, read all your email, and require you to be fingerprinted. I am saying that micro-managerial, reactive approaches to eliminating "wasted time" seldom work. Happy employees free to spend a few moments surfing the web or answering a personal email will be more productive than unhappy employees living in fear of a draconian computer use policy.

Re:False expectations of privacy (1)

mythr (260723) | more than 13 years ago | (#2188054)

That's common sense... You're talking to a bunch of Slashdotters, how dare you use that tactic!

You should have known better.

P.S. I don't think that they could fire you for doing anything with the connection that you shouldn't be. For example, downloading porn at work could contribute to a hostile workplace if any women happen to even glance over their shoulders at your monitor. There are a lot of things that they are liable for, for which they can be sued for allowing access. However, anything frivolous that they fire/reprimand you for could be grounds for a discrimination suit, but as pongo said, you should encrypt anything that you want kept private anyway.

Encryption? Pray for a dumb employer ... (2)

Robert Hutchinson (266739) | more than 13 years ago | (#2188056)

"What's that, Hutchinson?"

"Oh, it's some encryption software. I use it on all my e-mail."

"I see ..."

"Yep, with this baby, I could send tips on bomb-making to some guy who lives in a shack in the mountains, and no one would be the wiser!"

"Oh?"

"Yeah, and the best part is, the encryption is unbreakable! Although some federal agencies sure would love to change that."

"Hutchinson, when was your last employee review?"

Guys, if your employer is ready to read your e-mail, what makes you think he'll just twirl his moustache and mutter "foiled again!" when he sees you've put PGP on the company's computer? I suppose you might argue that he'd be more likely to get in trouble for firing you over your protection of "privacy rights."

A job is not a right, a natural resource, or any other egalitarian ideal. It is an agreement to work for pay. Conditions can, and should, come with such agreements. Next time, don't sign on with any companies that reserve the right to fire employees who can't be bothered to look for porn on their own time.

Robert Hutchinson

Re:Er... Actually... (1)

Bobo the Space Chimp (304349) | more than 13 years ago | (#2188057)

Don't laugh. You develop software that kills someone, and the bug is traced to the nonconforming mouse, you are in a world of hurt.

Sure, it's unlikely, but high liability software houses will throw you out the door if you install anything other than the approved corporate load.

UI coming up. . . (1)

Aerog (324274) | more than 13 years ago | (#2188058)

Well, seems I'm the minority spending most of my time online reading Slashdot or just downloading things in the background.

Oh well. That's the perks of a summer student job designing and maintaining a website for a small town. If I were to get a serious job, though, I imagine it would change. As far as monitoring employee traffic, I don't think it's uncalled for, it's exactly the same as using security cameras in a grocery store to watch employees. The only adverse thing it does is give off a serious impression of distrust in your employee morals and work habits.

But then again, reading slashdot and downloading hardcore Pr0n at work are two completely different sides of the same coin.

Information wants to be free, unfortunately (2)

Waffle Iron (339739) | more than 13 years ago | (#2188060)

When you finish a phone call, the contents thankfully dissapear into the ether (well, maybe the NSA keeps a backup copy). E-mail and other computer transmissions, OTOH, can remain forever. Even Bill Gates learned this the hard way during the MS trial.

Even with the best of intentions or supposed legal protections, your messages will be burning a hole in a company controlled hard drive or backup tape long after you're gone. They could be pulled into the public spotlight even for unrelated subpoenas served to your company. Regardless of what the policies or laws say, common sense still says that it's wise to exercise a little prudence.

Encryption (1)

BigGar' (411008) | more than 13 years ago | (#2188062)

Several people have mentioned using encryption at work on their personal files, email, etc.... However, a lot of companies, several that I have worked for, as well as goverenment agencies have computer use policies that forbid the use of encryption software on their computers except for company business. Using it for any other purpose can be grounds for termination especially if you refuse to give the company the key to decrypt it as part of an investigation. It's something to be aware of if you go sown that path.

Re:DMCA to the rescue! (2)

gnovos (447128) | more than 13 years ago | (#2188064)

I would love to see that argument hold up... "Honestly, officer, I was decrypting the copy protection on my Matrix DVD to make sure that they weren't using any of my copyrighted material!"

Re:Encryption? Pray for a dumb employer ... (2)

gnovos (447128) | more than 13 years ago | (#2188065)

Actually, I would guess that it's a pretty good chance he won't be reading your email if you have PGP on your machine... Depending on what happened with the Dmitry case, your employer may go to jail for up to five years for reading it.

DMCA to the rescue! (3)

gnovos (447128) | more than 13 years ago | (#2188066)

If you encrypt all your email and use SSL for all communications, then as long as the DMCA stands, your employer can't spy on you without a jail sentence. People need to start encrypting things, not just your secret stuff, everything. Until we start doing this as a country and it catches on, we'll alwyas have to worry about who is looking over our shoulder no matter where we are...

Re:Privacy Schmivacy (2)

MrRudeDude (450053) | more than 13 years ago | (#2188067)

Well then, what should I do at work ? Read newspapers and books ? What, are we supposed to be limited to dark ages technology just because we came to work and get paid like good citizens ? I'd rather go on welfare and surf from home all day long.

Re:Absurd privacy invasion (1)

ryanwright (450832) | more than 13 years ago | (#2188068)

In my office, if I make a telephone call to my doctor to arrange a medical appointment does my employer have a right to invade my privacy by listening or recording my conversation simply because my employer owns the phone? That's absurd.

No, that's not absurd. Personally, I would not want to work for a company that recorded/monitored my phone calls, though I uphold their right to do so. If they pay for it, they should be able to monitor it. I do not mind their monitoring of my email: because email is a much more powerful tool than a telephone and presents many security & legal issues for the company.

Does he have a right to videotape me in the bathroom because he owns the toilet and pays the water bill? That's absurd.

Yes, that is absurd. While the company owns the toilet and pays the water bill, they have no right to watch you do your business, period. Why does this differ from the telephone? You're not naked. If using the restroom was as benign as using the phone in that department, I might have different thoughts. As for monitoring how you use the restroom, I believe employers have the right to monitor how many times you use it, or even to setup a system that only allows you x minutes per day in there. I'd never work for such a company and would protest anyone who actually did it, but I believe they have the right to do it if they so choose. As long as they can't WATCH you doing it.

Re:Simple concept (1)

ryanwright (450832) | more than 13 years ago | (#2188069)

The phone company owns the wires that carry your conversations. So I guess they have the right to "listen in," since you're using their equipment?

No, because you're paying for the use of those lines. A better analogy would be the phone company giving you a free phone line, and then paying you $25 an hour to use it. Then they would have the right to monitor it.

Re:PGP Mail against the rules? (3)

ryanwright (450832) | more than 13 years ago | (#2188070)

I should have the right to send encrypted mail from work if I feel like it.

No, you shouldn't. You are using the company's computers to send a message over the company's networks. That equipment does not belong to you; you do not have the right to do anything with it that the company does not explicitly allow.

We monitor everything. We scan all email for keywords. All encrypted mail is immediately discarded; we don't allow it for security reasons. For all we know, you could be stealing company secrets, sending/receiving a virus (whether on purpose or not), or engaging in illegal behavior.

We could care less if you send a message home to the wifey, although if it's explicit, expect it to get flagged for futher review (and salivation) by one of the geeks in the computer department - I'm one of many. All web activity is logged but we don't do anything about it unless you're blatently disregarding your job duties, or if it's pr0n or illegal. We've only fired one guy for inapproriate computer use. (He spent 2 straight days doing nothing but downloading hard core pr0n, presumably spanking it right there in his cubicle)

You have no right to privacy when using company equipment. When I pay for your time and own the equipment, I reserve the right to monitor how you use it.

Re:It's hard... (1)

Raging Idiot (457985) | more than 13 years ago | (#2188073)

He's right you know. I ran the phone system for a company I previously worked for. There was a log of all numbers called that the boss reviewed every so often. Towards the end, he was considering adding on a "recording system" that would keep a week's worth of conversations from the phone system stored. That one seemed to border on criminal to me, even though the phone system company offered it. It was one of the many reasons I left.

Re:One thing left out here. (1)

analog_line (465182) | more than 13 years ago | (#2188074)

Maybe everyone should use PGP at work?

This gets into some tricky legal issues. As far as I know, if your company provides encryption software to you, then you are legally obligated to give them your key(s). If they allow you to use encryption software but don't provide it, then they can't legally require you to give them your keys. IANAL of course, and and there's probably a far more accurate way of describing this, but that's how it's been explained to me.

Re:Who Cares? (1)

ComputerizedYoga (466024) | more than 13 years ago | (#2188075)

>>I mean, whats the big deal, unless you have something to hide?? Well, it seems to me that if you have ANYTHING that indicates you have idle time at work, your employers could use that against you, claiming that it is evidence of your unproductivity. In other words, innocent surfing could theoretically get you fired, in some companies... Not to mention the possibility of temporary files from popup and popunder ads on innocuous sites.

Double-edged dword (1)

jobugeek (466084) | more than 13 years ago | (#2188076)

I have just finished recently rolling out a web-usage monitoring system. I spent a lot of time trying to strike a balance as to what information was necessary and what was invasion. I decided to set up reports to each supervisor sorted as such:

  • User
  • Internet Catergory
  • Duration
By doing this, we allow management to see what employees are doing with their time while hiding the specific URL. I think this balances the pros and cons as well as possible. So now when a supervisor gets his/her report, it shows User A spent 35 minutes on a "Health" site, but doesn't disclose whether that site is www.pfizer.com or www.fitness.com

The brutal truth (2)

fantazem (466353) | more than 13 years ago | (#2188077)

My observation, and admittedly personal experience, is that privacy advocacy is most loudly shouted by those who have something to hide.

Of course, that is a generality, but I believe it holds true for the most part. I mean let's be real, of course you don't want your boss rummaging around your ePorn collection, or viewing your browser history and seeing all those monster.com submissions and perusals. What better way to keep him out then to start chanting "privacy in the work place".

As a note, I am a small business owner. I absolutely depend on the few people who work for me to be as productive as possible. If they're not, it could seriously hurt the solvency of the organization. I'll say though, that I am a pretty fair guy. I have no problem with routine personal email and phone calls. I would draw the line though on excessive personal use of company resources.

Fantazem (cuz someone else took my old nick!)

Re:Privacy Schmivacy (1)

cafination (469476) | more than 13 years ago | (#2188079)

what about drug testing for the school bus driver that you trust with the life of your child? Though I don't plan on breeding, ever, (and actually have a strong dislike for most children I meet) I can see why this is a perfectly reasonable example of appropriate manditory employee drug tests.

Re:Privacy Schmivacy (1)

emoeric (470708) | more than 13 years ago | (#2188080)

thats the good thing about surfing from work, though....high-speed connection :)

|---------------|
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?