With all the revelations about NSA and data it gathers, you can be rightly worried about your privacy.
Manage and Report Active Directory, Exchange and Microsoft 365 with ManageEngine ADManager Plus. Download Free Trial!
When you look at data it collects you see that all of your internet activity (mobile calls, mobile and stationary data) is collected and stored for possible threat analysis.
What may seem like the right idea, we can only imagine what can happen if data is abused.
Think you should fear NSA, think about your employer, they can get a lot of information’s about you and you don’t even think about it.
How does employer differ from NSA
The goal of legal spying is to obtain information that would help bring down the bad guys or prevent bad things from happening. Bad guys are real and they are around us. No matter where you look, walking around you in the street or sitting next to you in the office. You don’t know who they are.
Bad guys are not only the spies and terrorists you see in a movie or hear about on television. Bad guys are also present in companies where they have the intention to get the information they are not entitled to, either to know more than the rest and gain the leverage against other employees or to sell information for a profit.
If you have the system that monitors all communication and data you would be able to find patterns that would help you catch the bad guys. That applies to both, employer and NSA. That makes sense in a way. If you are the owner of a good business you wouldn’t want unauthorized staff to gain information they are not entitled to.
But there is a catch when looking at NSA.
Edward Snowden wrote a letter to people of Brazil in December 2013 where he wrote:
There is a huge difference between legal programs, legitimate spying … and these programs of dragnet mass surveillance that put entire populations under an all-seeing eye and save copies forever … These programs were never about terrorism: they’re about economic spying, social control, and diplomatic manipulation. They’re about power.
If NSA spy surveillance would be transparent and NSA had clear intentions Snowden would never have happened.
What about spying in the company?
Do you know that an employer can monitor your activities legally? If you have to use email, internet and are issued a company telephone your activities can be legally monitored.
Most common monitoring activity is internet usage monitoring. An employer can see which sites you visited, which games you played on Facebook, how long you were browsing and your browsing habit per month. Another common monitoring activity is email monitoring. By using archiving with journaling, all the emails that you receive or send are archived. That does not necessarily mean that email is reviewed. But it can be if deemed necessary.
This is the most common monitoring activities present in every medium to the bigger sized company.
What can be monitored?
The better question is what cannot be monitored. Basically all of your activities, from email, web activity, chat services like Viber, Gtalk, Skype…. An employer can see how much time you spent in each program and how productive you are.
What about a mobile phone that was issued to you by your employer? They can track from your location, your photos, your email, Gtalk, Viber, Facebook activities, SMS, iMessage, notes and browser activities, They can record calls… Basically, they can monitor your life.
What is more, you may not even know about it.
Professional grade software can be installed on your computer and it won’t be shown in Task manager, the same applies to mobile phones.
Programs can be installed on your computer without you knowing, anytime. But with mobile phones, it’s a bit more complicated. In order for the company to install the monitoring software on your mobile phone, they first have to obtain it. If mobile phone is delivered to you by IT Person, and most of the settings were set, then it’s possible for them install a special software that would track your activities, if the phone is delivered to you by a person who is not in IT and if it looks like it was not opened at all, chances are that your activities are not being monitored. If you are using Blackberry phones, administrators have the ability to track your activities without installing special software.
Reason for monitoring employee activities
There are many reasons for monitoring user activity, from productivity loss to fear of losing sensitive information’s. Let’s say that you are the owner of a big company and you have financial problems, the first action is to cut expenses. How do you know which employees are good and which are bad? By reviewing computer usage.
The second reason is fear of losing sensitive information. Companies that have increased security are most commonly government institutions like NSA, FBI or private companies working in advanced technology, OIL & GAS or Financial Institutions.
The third reason is the most abused. It’s called personal gain. A most common example is a rogue employee who is looking to obtain information for his/her’s personal gain. They are present in every company. It can be a man trying to get information about wages to have a leverage with negotiations. It can be a man looking for information that could be leaked to the press and do damage to the company for whatever reason or it can be a man looking for information he could sell. Very common abuse is also abuse from an administrator who is managing the software for monitoring.
I was a witness to a real-life example when an admin goes bad and monitors email/internet activity of a girl he really liked. He was my boss in one of the companies I used to work. She was a secretary, and he monitored from what she was browsing to her emails.
Another example is a vendor we do some business with. On one of the meetings, their Director told me that they installed special software for monitoring productivity. He told me: “You know, this software is so smart it logs the words one is typing, is tracking programs he is running and monitors time spent on programs. I can easily see who works and who spends most of his time on the internet.”
I was amazed, you do that? Why? I asked. Just for them to know they have to work and not mess around.
I asked their IT guys how do they go along with this and if they are also subject to monitoring. They said: “At first we were shocked, but we got around it, if we have to browse, we RDP to one of our customers and browse the internet from their session or we use our mobile phones.” Wow, they use their customers to browse the internet. Obviously that monitoring program didn’t have screenshot functionality, otherwise, they would have a big problem.
There are two ways to monitor activity. One way is to use the software that is “smart” and uses advanced AI and report on predefined keywords/actions. In that case, results will be emailed to the person who is monitoring activity. The other way is manual review by the human.
Monitoring employee activities vary from the USA to Europe. In the USA it’s easier to monitor employee activities than in Europe but what is common is that there should be a policy in place where monitoring activities should be explained. Where this matters the most is when you want to prove that someone was not doing his job properly or was trying to gain from information’s gathered. If you sack her/him because she was not productive based on results from employee monitoring he/she could win the case and force the company to hire him/her back or pay him/her a lot of money. This is especially true for Europe or in some of the countries in Europe where law privacy is very important. A lot of companies are aware of this and use monitoring for internal use. Later on, they find a way to get rid of an employee by using other methods.
Comparing the U.S. and EU Approach to Employee Privacy
Workplace privacy on Wikipedia
How common is employee monitoring
Employee monitoring is very common. Smaller companies who can’t afford expensive software generally monitor only web/email activity, but as soon the cost is not an issue(Cost of a good program can be even $500 per user. ), better software can be obtained which can monitor everything from mobile phones, locations, and activity on the computer.
Example of such software is:
and even free:
In the future I will start with employee monitoring software reviews. Stay tuned.
Leave a Reply