Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Lync Server Gathers Employee Data Just Like NSA

timothy posted about 8 months ago | from the except-they're-not-the-government-and-all dept.

Privacy 207

coondoggie writes "Microsoft's Lync communications platform gathers enough readily analyzable data to let corporations spy on their employees like the NSA can on U.S. citizens, and it's based on the same type of information — call details. At Microsoft's Lync 2014 conference, software developer Event Zero detailed just how easy it would be, for instance, to figure out who is dating whom within the company and pinpoint people looking for another job."

Sorry! There are no comments related to the filter you selected.

Slashdot Replacement (-1, Offtopic)

Anonymous Coward | about 8 months ago | (#46313757)

Come join us at Soylent News [soylentnews.org] , the premier Slashdot replacement? Everything about Slashdot you love, none of the shit you hate...except perhaps for the Golden Girls troll. And, get this - it also supports unicode!

-- Ethanol-fueled

Re:Slashdot Replacement (0)

Anonymous Coward | about 8 months ago | (#46313901)

They're getting lonely with so few people commenting.

Re:Slashdot Replacement (-1)

Anonymous Coward | about 8 months ago | (#46314243)

reminds me of antislash like 10 years ago

K5 - Rusty! (0)

Anonymous Coward | about 8 months ago | (#46314791)

Or is that, tin roof, rusty? Nothing a b-52 strike couldn't solve, though nothing for the madness that lurks within.

Looking for a job on company equipment? (1)

Anonymous Coward | about 8 months ago | (#46313759)

Seriously? You deserve to be fired.

Re:Looking for a job on company equipment? (3, Insightful)

flyneye (84093) | about 8 months ago | (#46313963)

A company that has to spy on it's employees deserves, a better business model, new leadership and a tax audit.

Re:Looking for a job on company equipment? (1)

RightSaidFred99 (874576) | about 8 months ago | (#46314153)

Good thing they just made the amazing discovery that a software based (or hardware based) voice system allows the owners of said system to determine who is calling whom, and didn't detail who these companies with a (lol) "bad business model".

Re:Looking for a job on company equipment? (4, Funny)

ColdWetDog (752185) | about 8 months ago | (#46314463)

Imagine, a database. Storing data. That you can run reports on.

Simply amazing what computers can do these days.

Re:Looking for a job on company equipment? (1)

davester666 (731373) | about 8 months ago | (#46314931)

They just might graduate from toys to useful tools for business in a few years.

Re:Looking for a job on company equipment? (1)

LordLimecat (1103839) | about 8 months ago | (#46314707)

An employee who doesnt expect it needs a reality check.

Heres some more shockers, from an IT consultant:
  * Your firewall / IDS is probably proxying all of your connections.
  * SSL is probably being intercepted to. You ever check who issues the SSL certs of your favorite sites?
  * DNS lookups may well be monitored.

The biggest shocker: Its not your machine, or your network, or your electricity. Its not your time, either. Their job, their rules: Get over it. Of course, you generally do have the freedom to walk out if you dont like the whole "not your resources" angle, smaller companies tend to do this less.

Re:Looking for a job on company equipment? (1)

lister king of smeg (2481612) | about 8 months ago | (#46314785)

An employee who doesnt expect it needs a reality check.

Heres some more shockers, from an IT consultant:

  * Your firewall / IDS is probably proxying all of your connections.

* SSL is probably being intercepted to. You ever check who issues the SSL certs of your favorite sites?

  * DNS lookups may well be monitored.

The biggest shocker: Its not your machine, or your network, or your electricity. Its not your time, either. Their job, their rules: Get over it. Of course, you generally do have the freedom to walk out if you dont like the whole "not your resources" angle, smaller companies tend to do this less.

I would but slashdot is won't give me ssl. :-(

Re:Looking for a job on company equipment? (1)

khellendros1984 (792761) | about 8 months ago | (#46314799)

I know that my employer both blacklists certain sites and intercepts SSL (the certs are signed by the company, and you have to either accept constant browser warnings or install the company's certs as a root CA in the browser. I agree; it's not my equipment or my time, so I don't really have a problem with the situation.

Re:Looking for a job on company equipment? (1)

dbIII (701233) | about 8 months ago | (#46314955)

I can't actually see a legitimate case for that, and in fact see it as criminal action unless the employer is actively informing people that they should not do their online banking or anything involving private medical details (or similar confidential information) in the workplace. Someone with access to the cache of their proxy device could do a lot of damage to secure accounts, and if they sell the details instead of steal the money themselves it would be difficult to trace. Do you really think people should be trusted with that in your workplace? I certainly don't want to be trusted with something that should be between the employee and their bank which has nothing to do with my workplace other than that's where the person is connecting from.
Paranoia about people leaking stuff from the workplace should not reach the level of spooks playing at being James Bond. If you are not military then people are going to find a way so there's no point going selectively GITMO on them if they can just walk out the door with things on a USB stick, phone or postit note.

Re:Looking for a job on company equipment? (1)

Anonymous Brave Guy (457657) | about 8 months ago | (#46315027)

I can't actually see a legitimate case for that,

There are certainly legitimate use cases for intercepting encrypted traffic. For example, many corporate networks use security devices that sit on the incoming and/or outgoing links to do things like scanning for malware or leaks of confidential data. Obviously they can't scan properly encrypted traffic.

In principle, the use of such tools can be in everyone's interests, including employees and customers whose sensitive personal information might be held within the network. In some contexts, use of this kind of technology is important both for actual security and to be demonstrate compliance with privacy regulations. However...

and in fact see it as criminal action unless the employer is actively informing people that they should not do their online banking or anything involving private medical details (or similar confidential information) in the workplace.

This is where I strongly agree with you. If the interception is done covertly -- and by that I mean if every employee isn't fully aware of the possibility, not just that someone once made an offhand comment in a company meeting that 50% of staff attended that of course IT do this so of course it's been disclosed -- then this practice is very shady.

It is not impossible to reconcile reasonable security/compliance measures with employee privacy. You just might have to make a modest effort to do it, like setting up a dedicated system in the break room that is suitably isolated from the main company network and employees can use if they really do need to send a private message about a hospital appointment while on a break or to access their bank account to check a salary query. I have no sympathy for an employer who claims this is difficult, given the relative cost of doing it vs. the much higher cost of setting up the kind of security infrastructure we're talking about.

Re:Looking for a job on company equipment? (2)

dbIII (701233) | about 8 months ago | (#46314923)

* SSL is probably being intercepted to. You ever check who issues the SSL certs of your favorite sites?

While true due to all those "SSL accelerator" devices in people's workplaces which employees are supposed to allow to do an MITM attack, it's still an utterly insane situation that renders SSL almost entirely pointless in an increasing number of places.

IMHO letting one of those boxes into a workplace should be a criminal offence since people do not understand that it is tracking details of their personal banking transactions (for an example of an SSL situation), if they happen to do it at work. Years of using MS product GUI's have conditioned people to do a quick click through and accept everything so the default ends up trusting some proxy box as if it is the bank.


It's tempting to think that these new SSL proxy devices are all information collecting devices for various intelligence agencies - however it's more likely to be stupidity for the sake of convenience.

Your reality check bounced (2)

Anonymous Brave Guy (457657) | about 8 months ago | (#46314953)

Its not your machine, or your network, or your electricity. Its not your time, either. Their job, their rules: Get over it.

Unfortunately, as long as employers are employing human beings rather than machines, the only people who think your position is tenable are HR, and Legal will do as much as they can to support it. Everyone else knows that occasionally you need to make a personal phone call during the working day, and everyone else thinks that listening in is creepy (not to mention illegal in many jurisdictions, at least if done as a blanket policy without reasonable grounds). Why should Internet access be held to a different standard?

Of course it's unreasonable for people to abuse work resources to spend all day looking for a new position. I don't see anyone disputing that employees are provided with those resources so they can do their jobs rather than for personal use. I don't see anyone disputing that work time is meant for work either, though of course things aren't so black and white when you get into breaks or what constitutes work time for salaried employees who don't get paid for fixed hours.

But things like deliberately and covertly MITMing secure connections to an employee's bank account, which maybe they're accessing because there's a legitimate question about whether their salary or expenses have arrived yet, is not acceptable. And no, some weasel words at the bottom of page 74 of your employee handbook saying generically that Internet communications may be monitored are not reasonable disclosure that this kind of practice is happening, IMHO. Either make it very clear that work resources may not be used for any personal matters -- and accept any negative consequences in terms of employee morale and/or retention and/or getting taken to a tribunal or sued -- or stop pretending that sysadmins playing Big Brother at work suddenly became acceptable because the word Internet was involved. It isn't, and in many places the law even says that.

Re:Looking for a job on company equipment? (4, Insightful)

lgw (121541) | about 8 months ago | (#46314533)

Wow, people really believe this sort of shit?

If it bother you that your employees are looking elsewhere for a job, perhaps try harder to retain them? I have standing offers to work for a couple of places, places that make the top paying employers lists. At this point in my career I don't really have to "look" for a new job, I just stop ignoring the offers. Yet I'm staying where I am - and not based on pay.

Want people to stay when they have plenty of choices? Try not pointlessly hassling them over shit like "using company equipment". You'd have to get pretty extreme with that sort of thing before you'd cost more than the cost of hiring someone new and them coming up to speed, even if you were such a dick that you even pay attention.

Re:Looking for a job on company equipment? (1)

LordLimecat (1103839) | about 8 months ago | (#46314709)

At the very least, looking for another job on company time is a waste of company time / resources. Yes, just about everyone goofs off @ work from time to time, but doing it to benefit yourself at the expense of your company is adding insult to injury.

Seriously, wait till you get home, theres really no justification for it.

Re:Looking for a job on company equipment? (1)

black6host (469985) | about 8 months ago | (#46314769)

You come across as very arrogant. Have you ever managed a group of low level employees who spent more time chatting, visiting facebook or conducting online personal shopping than they did actual work? How do I explain to the guy/gal across the hall that everyone is losing their jobs because the company is folding due to the other half just plain not doing their jobs.

I'm sorry but if I'm paying you, then you do what I pay you to do. If you're so valuable that you think you call the shots then I've got news for you: If you're not the capital behind the company, if you're not the one that is taking the risk of losing it all, then please do your job as requested. And if that means no personal business than so be it. Feel free to move on to all the other suitors in your professional life if you don't like it.

A company should work as a team, as if everyone's job depended on the success of the company. Because it does.

Re:Looking for a job on company equipment? (1)

dbIII (701233) | about 8 months ago | (#46314979)

On the other hand there's wasting time monitoring people. Sometimes that gets out of hand. Personally I'm sick of HR types saying they are checking what employees are posting on facebook when the proxy logs instead show the HR types are playing some sort of online game via the facebook portal. However I consider both to normally be a huge waste of time (as would me checking the logs if I did it for reasons other than trying to work out why traffic is slow).
That sort of stuff is how you can go from replacing one HR person doing 20 hours/week organising work crews effectively with two 40 hour/week people who are spending too much time reading about employees on facebook to get crews together at anything other than the last minute or later.

Assume all MS products are spying on you. (4, Insightful)

Anonymous Coward | about 8 months ago | (#46313761)

I have to use Lync at work, and I'd just assumed it'd be cc'ing keywords etc to HR and management.

Re:Assume all MS products are spying on you. (5, Informative)

dreamchaser (49529) | about 8 months ago | (#46313931)

People should assume that with any means of communication they use in the workplace. There is no guarantee and should be no expectation of privacy when using an employer's systems.

Re:Assume all MS products are spying on you. (0)

Anonymous Coward | about 8 months ago | (#46314087)

I was having a Lync chat with a co-worker a few months ago and she was talking about throwing a co-worker out the window (seriously). I tried to get her to stop but she was on a roll. Surprisingly, we're both still employed ... oh no ...

&(M!..
%#^^.!
NO CARRIER

Re:Assume all MS products are spying on you. (0)

Anonymous Coward | about 8 months ago | (#46314191)

I think we're pretty much there- I mean, do we really have an expectation of privacy anywhere?

Re:Assume all MS products are spying on you. (-1)

Anonymous Coward | about 8 months ago | (#46314283)

Yes. You can't stick you nose in my asshole without my permission. It's private. No electronic devices have been hooked up to my blackhole.

Re:Assume all MS products are spying on you. (1)

ColdWetDog (752185) | about 8 months ago | (#46314465)

Yes. You can't stick you nose in my asshole without my permission. It's private. No electronic devices have been hooked up to my blackhole.

Time for your colonoscopy, comrade!

Re:Assume all MS products are spying on you. (0)

Anonymous Coward | about 8 months ago | (#46314409)

There is no expectation of privacy anywhere. And if MS, FB, ect.. have these abilities then you have to entertain this question.

How deep are they into cooperation with US spying agencies? I am not buying this "we had no idea" excuse, and MS hasn't commented on accusations that they've willfully and secretively been helping out.

And if your communicating using your employers phones, computers, e-mail addresses ect. They shouldn't have the right to willfully collect any data unless they suspect you have been engaging in ill-willed acts against the company. I think you will see lawsuits out of this. But that depends if people working for these companies can find another job, so I also think lawsuits would be unlikely.

Re:Assume all MS products are spying on you. (1)

LordLimecat (1103839) | about 8 months ago | (#46314715)

You are not correct. AFAIK "expectation of privacy" is a legal term, and you DO have such an expectation at home.

I know its fun and all to throw hyperbole out there on slashdot, but lets try to stay in the realm of reality.

Re:Assume all MS products are spying on you. (1)

ComputersKai (3499237) | about 8 months ago | (#46314355)

Great. They should've posted this before I got Windows 8. :)

Can see how own network, messaging is being used!? (5, Insightful)

raymorris (2726007) | about 8 months ago | (#46313767)

I'm shocked and amazed. A company running their own messaging server on their own network can see how it's being used?!
Next you'll tell me that my company's email administrator can see email I send at work, through the server they administer.

Re:Can see how own network, messaging is being use (2, Insightful)

Anonymous Coward | about 8 months ago | (#46313785)

Yeah, and for the morons using company resources to look for a different job: don't. Use your personal cellphone, or something otherwise not funded by the company.

Re:Can see how own network, messaging is being use (5, Funny)

TrollstonButterbeans (2914995) | about 8 months ago | (#46313905)

This is why I prefer to do my job searches on a disliked co-workers computer.

Re:Can see how own network, messaging is being use (0)

Anonymous Coward | about 8 months ago | (#46314843)

This is why I prefer to do my job searches on a disliked co-workers computer.

What a coincidence, I'm doing my job search on your computer right now.

Re:Can see how own network, messaging is being use (1)

trout007 (975317) | about 8 months ago | (#46314045)

We had an email go out saying that people were using Bittorrent from home over the VPN and to please stop since it's illegal and taking up bandwidth.

Re:Can see how own network, messaging is being use (3, Informative)

fluffy99 (870997) | about 8 months ago | (#46314161)

We had an email go out saying that people were using Bittorrent from home over the VPN and to please stop since it's illegal and taking up bandwidth.

You guys need better network admins. Proper firewalling and proxying should block traffic like that.

Also, I shudder to think of the potential mess caused by allowing personal laptops to VPN in the first place.

Re:Can see how own network, messaging is being use (0)

Anonymous Coward | about 8 months ago | (#46314655)

Ever thought about such a lax policy could come from their boss? At the place where I work there are literally no restrictions and I am not at liberty to introduce any because my boss won't allow it. Anything that would in any way impair employees in doing whatever they damn well please is off limits to resrict.
Imagine the fun I'm having as an administrator in a company where everyone has administrator rights.

Re:Can see how own network, messaging is being use (0)

Anonymous Coward | about 8 months ago | (#46314949)

Imagine the fun I'm having as an administrator in a company where everyone has administrator rights.

That's not necessarily unmanageable, I've worked in a really large multinational where all employees had local admin rights, but IT still had full control and very few issues through the right tools, setup and policies -- including Network Access Control.

Re:Can see how own network, messaging is being use (2)

LordLimecat (1103839) | about 8 months ago | (#46314717)

Sometimes you do want all traffic on a work computer being sent through the VPN. There are a number of security reasons why it would be important to know that, for example, a user is connected to bittorrent simultaneously with being connected to corporate resources. Theres also a good reason for it to be against company policy.

Re:Can see how own network, messaging is being use (1)

Tom (822) | about 8 months ago | (#46314739)

I would have expected better from the /. crowd.

Especially to understand the difference between a theoretical ability to look at individual data and systematic large-scale data analysis.

You know, one is someone giving you the looks on the street - and the other is 24/7 stalking. As a society, we pretty much agree that one is fine and the other isn't.

this is why they have cell phones (2)

alen (225700) | about 8 months ago | (#46313771)

i work in the same building with a huge Tommy Hilfiger presence and always see people talking on their cellphones in a corner about what they do at their job

lots of products already do this (1)

Anonymous Coward | about 8 months ago | (#46313783)

Cisco and lots of other phone software vendors do this
my wife fired someone because they had the call details to prove she didn't call customers like she was told to do so

Re:lots of products already do this (5, Insightful)

BitZtream (692029) | about 8 months ago | (#46313987)

ALL PBX type software does this.

Anyone who wants to be able to bill internally HAS to keep this metadata to do internal billing.

Its also something that has been collected for the entire 30 years I've dealt with phone systems, and its not like it was new when I first started in telephony.

You're pretty fucking stupid if this is news to you.

Re:lots of products already do this (1)

Grishnakh (216268) | about 8 months ago | (#46314185)

Who would use a company phone to make personal calls in this day and age anyway? Doesn't everyone have a cellphone now?

Re:lots of products already do this (1)

Vrtigo1 (1303147) | about 8 months ago | (#46314235)

Me. It's a lot more convenient to reach over and pick up my desk phone than it is to fish around in my pocket for my cell phone, unlock it, etc. Plus there are a lot of folks that have poor coverage on their cell phone at work and using their desk phone prevents them from having to get up and go outside. Personally, I have a work IP phone at home and use it almost exclusively because my cell coverage is spotty.

If you work at a company that would care about who you're calling, then how happy can you really be with your job? I wouldn't use a work phone to make a personal call to China or somewhere else where the long distance rate might be expensive, but for everyday personal calls I don't see any problem doing it. How much can your employer really find out from knowing who you talk to? If they were recording the calls, then that would be another deal entirely. Fortunately I live in a state where that would be illegal to do without my knowledge.

Re: lots of products already do this (0)

Anonymous Coward | about 8 months ago | (#46314561)

[Your] use of this equipment consents to monitoring...

Re:lots of products already do this (1)

LordLimecat (1103839) | about 8 months ago | (#46314721)

Desk phones are more reliable, almost never drop calls, and have a lot of features that either dont exist or suck on cellphones like transfer, hold, conference.

In related news... (-1)

Anonymous Coward | about 8 months ago | (#46313789)

Schools can still search a student's locker because it's THE SCHOOL'S PROPERTY.

Re:In related news... (1, Informative)

The Cat (19816) | about 8 months ago | (#46314041)

It's the taxpayers' property, and the 4th and 5th amendments don't have an age limit.

Either get a warrant, or it's an illegal search. Case closed.

(I'm only replying because you are obviously the same person loudly and obnoxiously defending the corporate status quo above)

Re:In related news... (-1)

Anonymous Coward | about 8 months ago | (#46314095)

When I bend over, my anushole becomes visible. When that happens... oh boy, it's a feces fiesta!

Re:In related news... (-1)

Anonymous Coward | about 8 months ago | (#46314253)

It is not the taxpayer's property. You have been called out on this many times before in other discussions, and yet still have no idea what you are talking about. Please educate yourself instead of spitting out the same incorrect trash over and over again.

Re: In related news... (0)

Anonymous Coward | about 8 months ago | (#46314451)

http://en.m.wikipedia.org/wiki/Poisoning_the_well

A fallacy and a reverse assertion does not a refutation make.

Re: In related news... (1)

LordLimecat (1103839) | about 8 months ago | (#46314733)

He is not wrong to call GP out on his ignorance. Just about everything in that post was completely wrong. If someone continues to post stuff that is factually wrong and trivially provable, theres very little point spending the time to prove it in every post; telling them to "shut up and sit down" is not a fallacy.

Re:In related news... (1)

LordLimecat (1103839) | about 8 months ago | (#46314729)

BZZZT, Wrong. Schools do not need a warrant to search their own property (it is owned by the school, even if the money came from taxpayers), and the supreme court has ruled that during the schoolday, several of the Bill of Rights protections do NOT apply to school children.

Not sure where you got your law degree, but maybe you should take a refresher course.

today. (1, Insightful)

epyT-R (613989) | about 8 months ago | (#46313791)

So, as corporate policy becomes more like that of highschool, and highschool policy becomes more like prison, we're all kept in adolescent, fear-driven hell just a little more, already well past the sell-by date. Meanwhile, lawyers and software vendors write laws and software to profit from this stunting of society. More at 11.

Re:today. (3, Insightful)

ScentCone (795499) | about 8 months ago | (#46314149)

Start you own company, and make a point of having absolutely no way to deal with the communications your employers perform on your behalf. Don't worry, you'll never, ever be involved in any sort of lawsuit that would bring out the fact that you don't cover yourself. What could go wrong? You'll be fine.

Re:today. (0)

Anonymous Coward | about 8 months ago | (#46314189)

That's the fear line software sales gives to companies to buy their software. It's like the alarm companies, except the scary guy in a mask is you.

Re:today. (3, Informative)

bloodhawk (813939) | about 8 months ago | (#46314343)

It may be a fear line, but it is also 100% accurate. companies are constantly being sued by there employee's for NOT being vigilant enough in the work place, whether it is sexual harassment, bullying, corruption or workplace safety. Employers have a legal responsibility to demonstrate they are taking steps to prevent and monitor those situations and if they aren't it is a legal bonanza for staff that want to take advantage of it.

Re:today. (1)

LordLimecat (1103839) | about 8 months ago | (#46314743)

...Until one of your employees does something that could bring liability on you (like bringing proprietary information over from their last job, especially if it was federal --> private sector), and you have no way to prove that you werent complicit.

This stuff happens ALL OF THE TIME. Chris Christie is dealing with it right now. "Non-repudiation" is a pretty important thing when it comes to business communications.

Re:today. (0)

Anonymous Coward | about 8 months ago | (#46314421)

So, as corporate policy becomes more like that of highschool, and highschool policy becomes more like prison, we're all kept in adolescent, fear-driven hell just a little more, already well past the sell-by date.

Meh. My (LARGE)!employer claims the new corporate policy is that all employees must pre-register with corporate hq when personal travel will take the employee out of our home country. That's all employees, not just those who have monitored access to government secrets.

The more ridiculous their demands to control our actions become the more likely we are to just ignore all their rules instead.

Re:today. (1)

LordLimecat (1103839) | about 8 months ago | (#46314745)

There could be a lot of valid reasons for that, particularly if any of the work you do involves clearances.

I love it when slashdotters complain about how boneheaded policies are without having the faintest clue of the reasons behind them.

And why should you expect anything different? (4, Informative)

halo1982 (679554) | about 8 months ago | (#46313815)

If you're instant messaging someone on the company's IM platform on the company's time why the fuck would you have any expectation of any sort of privacy?

I know my company can see everything I can do when I'm logged on to their computer. This is part of the agreement I signed with them. It's also the reason why I don't do stupid shit on my company's network like look for another job or send out resumes from my company email address.

Oh wait, the outrage is because it's Microsoft. Got it.

Re:And why should you expect anything different? (1)

SleeplessDrone (2510746) | about 8 months ago | (#46313859)

Seconded, If you are using company resources to hunt for a new job or flirting with co-workers you're bound to get caught anyways. Also why would you give a potential employer your direct extension or company email?

Re:And why should you expect anything different? (1)

TrollstonButterbeans (2914995) | about 8 months ago | (#46313891)

FORTHed!

[You know, like the programming language that --- aw nevermind ...]

Re:And why should you expect anything different? (1)

Ziran (1931202) | about 8 months ago | (#46314489)

Don't worry, I recognised the reference

Re:And why should you expect anything different? (0)

Anonymous Coward | about 8 months ago | (#46314143)

I know my company can see everything I can do when I'm logged on to their computer. This is part of the agreement I signed with them. It's also the reason why I don't do stupid shit on my company's network like look for another job or send out resumes from my company email address.

Why should that be considered "stupid shit"? Shouldn't it be considered perfectly normal and appropriate to look for another job?

Let me put it this way. Right now I'm a grad student, which means I am essentially an employee of my university -- I teach classes and apply for grants for them, and they pay me to do it. In a year or two, having exhausted the possibilities of my current job, I will be applying for better jobs at my current employer's chief competitors. And, far from discouraging me or punishing me for that, my employer actively encourages me to do so and offers a lot of support to help me find the best job possible.

Why should things be so different in the corporate world? What, really, is the difference? Actually, employees are probably less likely to leave a company like Microsoft than grad students are to leave a university, since they don't get an awesome credential after 5 years at Microsoft that gives them a good chance of getting a better job elsewhere. Instead of being anal, maybe Microsoft should accept that some of their employees will leave, and even help them along in their careers, so that they'll say good things about Microsoft later, and so that Microsoft can brag about them if they succeed?

Re:And why should you expect anything different? (1)

ColdWetDog (752185) | about 8 months ago | (#46314481)

Ah, the innocence of youth.

Re:And why should you expect anything different? (1)

LordLimecat (1103839) | about 8 months ago | (#46314747)

Shouldn't it be considered perfectly normal and appropriate to look for another job?

On company time, company network, and computer? Id call that the height of foolishness, and the company would be right to throw a fit about it.

Re:And why should you expect anything different? (5, Interesting)

Tom (822) | about 8 months ago | (#46314731)

If you're instant messaging someone on the company's IM platform on the company's time why the fuck would you have any expectation of any sort of privacy?

Because you're a human being and don't leave your humanity at the door when you show up for work. Yeah, I know that is a strange concept for americans, but in many other parts of the world, it is very much still alive. Employees are also humans - wow, what a revelation.

Your expectation of privacy should certainly be different, but there's no sane reason it should automatically be zero.

Real-world example: In a company I worked for a few years ago I helped write the policy on this very topic. The final agreement was that the company could look into your e-mail and stuff, but only if they went to the workers council (elected representatives of the employees) and made their case. So if they suspected you of wrongdoing, or you were ill and had crazy important documents in your mail or personal folders, the company could look through it - in the presence of someone representing your interests.

The important difference is the same as in real-life criminal cases: With a system like this or the real world "must get a court order first" approach, you are innocent until proven guilty and it requires at least some reasonable suspicion before someone can breach your privacy. In a blanket surveilance environment, we're all guilty, period.

Re:And why should you expect anything different? (0)

Anonymous Coward | about 8 months ago | (#46314775)

If you're instant messaging someone on the company's IM platform on the company's time why the fuck would you have any expectation of any sort of privacy?

Well put George Orwell...

Re:And why should you expect anything different? (0)

Anonymous Coward | about 8 months ago | (#46314893)

If the company stores their info in my brain, how can they expect privacy?

isn't this a feature of all PBXs? (0)

Anonymous Coward | about 8 months ago | (#46313845)

Sounds like Event Zero was looking for some free press...
Every phone system I've ever worked with (Cisco, Definity, Avaya, OCS/Lync) can do this...

Internal Communications (2)

ZeroSerenity (923363) | about 8 months ago | (#46313851)

And a log is being kept about it? Who'dathunkit? *Groan* This isn't news.

My ex-boss would love this (1)

Anonymous Coward | about 8 months ago | (#46313853)

He loved using the phone records as management metrics to be used against us all. No personal phone calls allowed. PERIOD.

He just assumed everyone was plotting against him, stealing from him and looking for new job.

He was right about one aspect: Everybody was desperately looking for a new job but asking for time off or calling in sick was met with suspicion that they were going out on a job interview. He made it very difficult to look for a new job.

He never liked us conferring with fellow employees since he had to control everything. All information flowed down from him. Any information we had was supposed to flow up to him, but he didn't need us since he knew everything and any information we would tell him would be pointless.

Most of my fellow employees would just stop showing up or never come back from vacation. It was hell.

Re:My ex-boss would love this (1)

Immerman (2627577) | about 8 months ago | (#46314665)

An excellent argument for living below your means. Quit first, find a new job second. Enjoy your relaxing savings-funded vacation / job hunt in the interim.

Call Detail Records are an "attractive nuisance" (1)

davecb (6526) | about 8 months ago | (#46313877)

They're needed until the customer has paid their bill, and then should be deleted, just like library records of who borrowed what book are deleted when it's returned. Anyone keeping them longer is looking to make themselves a target for break-ins, subversion or court orders.

Telcos are often mandated to keep them, in the kind of "future crime" scenario that belongs in a movie like Minority Report (:-))

Re:Call Detail Records are an "attractive nuisance (1)

BitZtream (692029) | about 8 months ago | (#46313997)

As I recall, you write your name on a card that doesn't get thrown away until its full. when the book is returned, the card is put back in it for anyone to see. You can go to the library, grab the book off the shelf, copy down the names and dates on the card and return the card to the book, likely without anyone realizing your doing it for small numbers of books.

Deleting the info when the book is returned even today sounds unlikely unless they are inspecting every page in the book on return, otherwise when the next guy checks it out and finds missing pages or that someones kid thought it was coloring book, they wouldn't know who to charge for the damage.

Re:Call Detail Records are an "attractive nuisance (1)

Anonymous Coward | about 8 months ago | (#46314199)

The libraries I used no longer use cards. Checkout info is done on a computer system. When this first started, there was a question over law enforcement requests to turn over such info. After 9/11, (IIRC), the position of the Federal Govt. homeland security, etc, was that no warrant was required. A lot of Libraries, a field with a long history or supporting individual liberties and privacy regarding the right to read (censorship issues), and the right to keep it private, (no, not every library or librarian) put in place new polices: delete such info shortly after it is no longer needed. Then they have no info, or only info on the current items checked out, to turn over.
That is what my local library does. Even so, sometimes I think I should check out lots of books at random to create noise in any list of books I've checked out.

Re:Call Detail Records are an "attractive nuisance (1)

Zontar The Mindless (9002) | about 8 months ago | (#46314679)

My mom says your troll is about 20 years out of date. (She's a retired public library director.)

United States Workplace (2)

the eric conspiracy (20178) | about 8 months ago | (#46313887)

This sort of thing is ok in a workplace in the United States, mostly because everyone expects the lack of privacy with using employer's equipment.

Other places in the world offer more privacy in the workplace. Such capabilities could cause some real problems in those environments.

Re:United States Workplace (1)

lgw (121541) | about 8 months ago | (#46314563)

I don't care at all about it being private. I care only if my employer gives me shit about what I do on it. Maybe if they see me looking for work they'll give me a larger raise to make sure they'll keep me. But changes are, they don't care at all either - they keep records to respond to lawsuits, or purge them quickly if not required to keep them (keeping anything just makes lawsuits worse, so big companies keep only what the law requires).

/. crowd played (0)

Anonymous Coward | about 8 months ago | (#46313903)

nice way to run a tabloid, /. "editors"

um, yeah ... (4, Insightful)

cascadingstylesheet (140919) | about 8 months ago | (#46313907)

... because that's the way to retain good employees, spy on them.

Re:um, yeah ... (4, Insightful)

VortexCortex (1117377) | about 8 months ago | (#46314005)

Be careful, you are dangerously close to implying that it is good employees and not obedient workers that are actually in demand.

Re:um, yeah ... (0)

Anonymous Coward | about 8 months ago | (#46314859)

Be careful, you are dangerously close to implying that it is good employees and not obedient workers that are actually in demand.

Are you kidding? If the employee isn't obedient then they're worthless. If they won't do what I tell them then I'm just performing charity by giving them my money.

Company computers, company network ... (2)

MacTO (1161105) | about 8 months ago | (#46313909)

Given that this is dealing with company computers on a company network, it is their right to know how it is being used. I would hope that there is a strong privacy policy in place regarding any personal information that they uncover that is not a violation of company policies, but that is a hope and not an expectation.

Overall though, I would suggest that it is best to avoid doing anything at work that would stir up office politics.

Re:Company computers, company network ... (2)

The Cat (19816) | about 8 months ago | (#46314053)

Overall though, I would suggest that it is best to avoid doing anything at work

FTFY

Is Microsoft good for anyone? (0)

Anonymous Coward | about 8 months ago | (#46314133)

Apart from shareholders (you know who they are: they have hundreds of millions or billions of dollars in the bank). Is microsoft good for anyone? I see people like Forbes fawning over them for years, but unless you are a shareholder, they only thing you share with them is an overpowering greed. They destroy competition in the marketplace not through high quality products or better value buy by manipulation, monopolistic tactics, lies, coercion, threats, cheating and stealing. There are people who also see this as good (just like the overwhelming greed). None of their products are good for the software or technology industries: indeed, most technology companies avoid using their products because their products cannot be integrated into anything else without destroying the bottom line of any other company. They are bad for their employees because they aren't interested in innovation: innovation costs money, if they can keep the same level of profits with stagnation that's much cheaper. They aren't good for customers: the same old products year after year, with enough window dressing to make what is new incompatible with what was old, so customers keep paying for the same software they had 15 years ago (indeed, ID software developers found 16 bit API's in their graphics stack...software that had been originally written in 1992). They aren't good for the local government: they refuse to pay fair taxes: they 'export profits' to other countries with lower tax rates, robbing local schools of income for things like electricity and (ironically) computers, and now we find they spy on employees. We had a good idea that they allowed NSA back doors years ago, confirmed on a massive scale by Snowden that they spy on customers. Is microsoft a candidate for a company that deserves to have its business license revoked worldwide? It would seem so.

New levels of idiocy. (2)

RightSaidFred99 (874576) | about 8 months ago | (#46314145)

Wow, you mean a corporation has access to the numbers dialed by the people within the corporation!? Quick, call Ripley's Believe it or Not - I think I found something for the "believe it" pile!

Don't use corporate Lync for anything other than d (1)

Anonymous Coward | about 8 months ago | (#46314163)

I work for an IT company that is one of the largest users of Microsoft Lync outside of Microsoft.

I never, EVER, use my employer email, my employer lync chat, voice, video, and screensharing service, my employer supplied cellphone, and my employer supplied desktop and laptop computers for personal use. Ever. I have my own personal laptop, email and chat accounts, and personal cellphone for personal use.

Re:Don't use corporate Lync for anything other tha (2)

Vrtigo1 (1303147) | about 8 months ago | (#46314263)

It sounds like you have something to hide. I'm just the opposite of you. I don't have a personal home phone, cell phone, laptop, etc because my employer provides all of that stuff to me and they don't care if I use it for personal stuff as long as it doesn't interfere with business use. I don't see any sense in paying for something I already have access to for free.

Email is free, so I do have a personal e-mail addres but I use my work e-mail for tons of personal correspondence just because it's a lot more convenient and I don't really care if my employer reads the day to day e-mail conversations I have with my friends and family.

Re:Don't use corporate Lync for anything other tha (1)

Zontar The Mindless (9002) | about 8 months ago | (#46314705)

It sounds like you have something to hide.

Let me be the first to say, "Fuck you. (And you're an idiot.)"

Nudist with a vow of povery? (1)

dbIII (701233) | about 8 months ago | (#46315031)

It sounds like you have something to hide

What's a nudist with a vow of poverty doing here?

Don't Panic! (0)

Anonymous Coward | about 8 months ago | (#46314215)

It will get better. Take the "Business Microscope" (curiously removed from the developers website), which will give the boss a log of more than just communications. Bob Greene covered it earlier this month: http://www.cnn.com/2014/02/02/opinion/greene-corporate-surveillance/

They get caught up? (1)

sgt scrub (869860) | about 8 months ago | (#46314315)

"Lync does this no differently than any other enterprise communications system,” says Barry Castle". They are not lying. There have been better solutions for a long time. All of them integrate directory services (AD/LDAP) with information from everything, audio recording of phone conversations, video recording of desktop usage, real time network traffic information.

Regulated industries (2, Informative)

Anonymous Coward | about 8 months ago | (#46314433)

Companies in the financial sector - stock brokers, mortgage dealers, financial advisors and the like - are REQUIRED to archive and monitor their employees' work-related electronic communications, and must be able to demonstrate to regulators that they are actively doing so, or they face stiff penalties. The regulations are deliberately vague, but a general rule of thumb is that if an employee says something they're not supposed to say and the company's own compliance team failed to catch it, then they weren't doing enough monitoring and they can be fined.

Posting anonymously because I work for a company that specializes in communications archiving for the financial industry. And yes, we archive Lync IMs (and AIM and Facebook and Twitter and Salesforce Chatter and Instant Bloomberg and whatever else the kids are using these days, because if we can't archive it they're not allowed to use it).

Carve out one exception... (2)

mr100percent (57156) | about 8 months ago | (#46314443)

Once you claim "it's only metadata," then you open the floodgates for all abuse.

You can do exactly the same with Asterisk (1)

blackpaw (240313) | about 8 months ago | (#46314475)

Full call details can be logged from a asterisk server. Its pretty much std features for any PABX. Complete non story.

So? (1)

Bugler412 (2610815) | about 8 months ago | (#46314513)

This is different than any other chat/VOIP/Conferencing system in what way?

Re:So? (1)

lgw (121541) | about 8 months ago | (#46314571)

Well, Lync integrates call, chat, and "are you at your desk" information nicely, so it would give more data to mine than any system that only does one of those. But then, assuming the employer has some sort of system for each, it's still the same data to mine.

It's just CDR records. It's not like it's a secret (3, Informative)

Zarhan (415465) | about 8 months ago | (#46314807)

Lync stores the info in two databases, LCSCDR and QoEMetrics. The first one has info on all sessions, other one has quality data. It's not like it's some super-secret database, MS has full specs in Technet, for example http://technet.microsoft.com/e... [microsoft.com] shows what's exactly stored in SessionDetails table.

Yes, such info *could* be used to do data-mining. Same info could be used to optimize least cost routing, gathering statistics on network performance, planning upgrades, and whatever you like. I've personally crafted a few reports from those DBs on how much folks are calling PSTN from Lync on various customer sites, so they can decide what is the priority in upgrading E1/T1 to VoIP-based PSTN connection.

It's not a conspiracy. Server admins can look at what kind of stuff you are doing on such servers.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?