Ask Slashdot: Privacy in the Workplace 512
redactor asks: "I work as a sysadmin for a rather large corporation. The Human Resources department has gone on a witch-hunt, and wants me to start scanning user's email for porn. I know there have been some legal battles with this in the past. The company policy is that all data on company computers is property of the company, NOT the user, but I personally value privacy, and am refusing to do this unless it means loosing my job. How have other sysadmins been handling this?" Actually, since it's the office network, I really don't believe it's a voilation of privacy (unless said privacy was explicitly given...most workplaces don't make this guarantee).
Re:write a script... (Score:1)
Any "scan all email" approach is an invasion of privacy and is on slippery footing because the SENDERS are not and can not be notified in advance. Anyone who has given out their work email address so that freinds or relatives can contact them has then opened themselves up to having their email sent to whomever monitors it, and possibly being disiplined because of what someone else sent!
What happens when one employee sends a message to another employee that says, "I fucking hate manager X"? If the script trigers on fucking this non-sexual, work related email ends up in the "monitor's" email box. There is simply no way to write a script that will trigger ONLY on valid "Pornography".
Legally a company MAY have the right to look through employee's email boxes. Morality always depends on your point of view. It varies from place to place and time period to time period. What typically leads the way is the precidents that are set. In other words, whatever you do now will have profound effects on the future.
The thing to remember here is whatever happens will also apply to you, and do you want a "Private" email from your spouse, or significant other(s) being read by the "Monitor"??
As an email admin for a large company, I can tell you that if this issue came to me, I would refuse to cooperate in any way. If it came to the point where it was an order, or they were going to bring in someone else to do it, my resume would be in the hand of Headhunters and on job boards almost immediately. In today's job market, the employee has more leverage then normal. If enough people insist on privacy, corperate america will listen. The one thing I would do before sending out my resume would be sending an email to all the employees informing them that their email was going to be scanned.
I would caution you against saying that you had done it when you had not, or faking the results. These actions could end you personally on the end of a harassment lawsuit (because you covered it up), and make things much worse for the company in the event of a lawsuit (a conspiracy to allow harassment).
Here's some interesting questions to ask anyone requesting email/web scanning:
1. When are we going to start monitoring phone conversations and voice mail to make sure it is work related?
2. When are we going to start searching employee's as they enter the building to make sure they are not bringing in Porn or non-work related materials?
3. When are we going to install the microphones in all areas of the building to make sure no employees are flirting or having non-work related conversations?
4. When are we going to install the cameras in peoples offices to make sure they are only doing work?
5. When are we going to start neutering employee's so that they don't ever get arrosed?
6. When are we going to start monitoring employee's minds to make sure that they only think about work?
and maybe most importantly:
7. Who is the "MONITOR"?
Ben Johnson
Give the burden back to the Human Resources Dept. (Score:1)
But how about this, ask HR 'What is porn?', and how can my scanning scripts identify it?
Searching email manually for a large corp is out of the question. And what do your scripts look for. Dirty words? How many dirty words constitues porn? One? A hundred? Ask for a list of dirty words. Ask them to read the mail that your script flags (you can even have your script flag alot of totally innocent mail just to give them more work to do). Ask them to view all the binaries. In short, you can find a lot of work and unanswered questions to hand back to HR. Let them shoulder the burden. Hopefully they'll sicken of it and find some other useless project to justify their existance.
not true for me (working at IBM) (Score:1)
I read WWW during work all the time; a co-worker of mine uses IRC several hours per day during work -- so far, nothing has happened.
(Porn, of course, is a different matter. Not only do you use company property for private affairs, but you are potentially damaging the company's prestige.)
My boss told me the other day that, if an employee gets fired for surfing or having private phone calls, this will probably not have been the only reason he got fired. Probably, this will be just the good, justifiable reason HR has been waiting for because they wanted to close down your department anyhow or whatever.
Priorities (Score:1)
Re:Forget it... (Score:1)
Re: Hentai, Japanese child porn (Score:1)
So if a movie (with live actors) shows a woman being raped or a child (real child actor) being graphically killed, this is allowed because it it not harmful to children. But drawing pedophillic scenes involving people who never even existed is somehow ok. I'm confused. Why is a ficticious portrayal of one crime againse a child acceptable to the public but not another, esp when the latter doesn't even involve children in any way.
I think the problem is that as CG and technology make fake child porn look more real. Cops raiding someone's stash will, sooner or later, be UNABLE to tell if a tape contains real child porn (illegal) or perfect, indistinguisably life-like CG child PORN (legal). Rather than having to worry about the diff, it's easier to just ban it all right, even if it does trample of freedeom of speech and of the press. In what way can free expression utilizing pencil and paper get me jailed? Up 'til now, the anyway the answer was not in any way. You DON'T see a dangerous slippery slope starting here?
Re:The law is irrelevant here (an old hands notes) (Score:1)
Go ahead and do it. (Score:1)
Right? What right? (Score:1)
Go read Beowulf, (Score:1)
Agreed.
In Elizabethan english,
Ah, here's the problem. Go back further to middle or old English.
there was both a familiar and a formal version of the second person singular pronoun. The familar version was "thou" or "thee" Thou as the subject of a sentence: "thou hast a chicken on thy head", and thee as the object: "I despise thee." Neither of these words were every written with a thorn.
Wrong. Check out this university [buffalo.edu] explanation of the thorn and see it used in 'the' and 'thou'. Or go read Beowulf in the original Old English. Besices the thorn English once used the eth (The unvoiced 'th' sound line in 'thought'), the asc or ash (the joined ae ligature still occasionally seen [today!] in words like encyclopaedia.), and the yogh (resembling a descended 3 with a flat top). People have such static concepts of the English alphabet and think if never changed. Heck, J and V and W are all fairly NEW additiona to the alphabet. Since ae is still used today, how many letters does the English alphabet really have again?
Scan, but give fair warning (Score:1)
If your managers have told you to do the scan secretly, because they are on a power-trip & want to "catch" as many of their employees as they can, then I'd probably follow the advice of some of the other posters & falsify the results (no porn found sir!) & start looking for a job at another company with more rational people in charge.
Re:If privacy is explicitly NOT given... (Score:1)
IMPORTANT (Score:1)
You cannot use this information to "prosecute"/fire/kill/etc your users *UNLESS* you have directly given to them a warning that the emails are monitored, i.e. in the MOTD of the mail server if they have shell accounts, or a company memo sent to everyone on paper (not on email, natch), or even better: a signed letter back from each user.
Ask the company lawyer about this. At the very worst it will delay your scan when you tell your boss "There are some legal issues, so I am checking with the company lawyer". With any luck, you will be told to forget about it.
Q-Bert
Re: Hentai, Japanese child porn (Score:1)
Re:What you should be looking for... (Score:1)
I find that scanning the manager requesting the scans, and including that in the report, and sending a copy to the IS director (as justification for all that scanning time) is effective in cutting the volume and frequency of requests :-). If you suggest that to your IS managemnt, they might take you up on it (as a cost control measure, of course).
Also, suggest to HR that they should be more interested in private business deals, stock trading, coupon trading, pyramid schemes and so on. Non-business use of email is hardly ever about porn, in my experience, since most of the porn is more easily available through HTTP. Most of the sexy hits I found were spams, and we don't prosecute for mail received, unless we can show that it was solicited...
Re:Are we moral sensors now? (Score:1)
Re:Don't scan, and say you did. (Score:1)
Ethics codes from professional organisations (Score:1)
Personally, as a sysadmin, I would not scan everyone's mail for porn, or religion, or anything without ensuring everyone knew it would be done. The trust of all your users in you rests in two things: "I could read you mail but I don't" and "If I do happen to see your mail, like when you have problems reading it, I do _not_ tell anyone else what's in it". Once you lose it, it's gone forever. If your users know what's going on, they can't consider it as you abusing your authority without them knowing. And if they know the company is doing something that just doesn't work, isn't fair, and basing the treatment of employees on it, they might well vote with their feet.
It's practically impossible to scan for porn, or religion, or Monty Python references, or anything else complex. Your company's policy is deeply flawed if they think it is, and it's up to you as a professional person to educate them about what is and is not possible. For example, ask them to define 'porn' in such a way that a machine can scan for it. Then ask them to define, say, "company sensitive information" and similar things.
IMHO - good luck settling this to everyone's satisfaction.
Nicolai
Re:why must everything have a glib response? (Score:1)
I kept thinking "What does this have to do with glib? And shouldn't that be glib2.1?"
I need to get out more...
Scan for the BIG files (grin) (Score:1)
Mark Edwards [mailto]
Proof of Sanity Forged Upon Request
Re: Crypto in France (Score:1)
Though that used to be the case, France has recently loosened its crypto restrictions [slashdot.org]. IIRC, they now allow up to 128 bit private key crypto.
Alex Bischoff
---
Jesus... you still work there? (Score:1)
As for losing trust for every employer -- don't. There are plenty of decent people out there who know how to treat other human beings in such a way that they are both respectful of and productive for them. (Hint: It involves treating them as human beings.)
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
Here's an idea... (Score:1)
It has worked elsewhere...
ttyl
Farrell
Re:Don't do it - I wouldn't. (Score:1)
You are a person of conviction and honor - I respect that. Too damn bad you're likely to be jobless with those qualities. Speaking out about or refusing to enforce company policy is a very fast way to find yourself out of a job - I know. I got fired once for loudly protesting a random drug testing policy. I'd do it again, but this time I'd have more $ in the bank before I did it... Zonker
Re:privacy advocacy (Score:1)
please, share whatever it is that you're on -- i haven't been that out of touch since they last cracked RSA . . .
Re:What you should be looking for... (Score:1)
^~~^~^^~~^~^~^~^^~^^~^~^~~^^^~^^~~^~~~^~~
Yes, but would you work at a such a company? (Score:1)
Isn't about privacy. (Score:1)
You've got to be kidding if you think this is an invasion of privacy. When you started working there they told you about using corporate equipment for things. There is a degree of trust and respect, you call your wife from work and talk to her about dinner or weekend plans. You send emails to your friends from time to time. Porn is a perfectly reasonable place to draw that line, it can be sexual harassment, and it can invade the privacy of people who accidentally see it.
The alternative is to start your own company, buy your own hardware, hire your own people and the let them do whatever they want. And then deal with the work place harassment suit when a female employee sues you. We're talking about the bottom level of professionalism here, we're not talking about peering into people's private lives. If you want to view porn then do it privately, not in your place of business.
Re:Gender free pronouns. (Score:1)
Yet, when folks in the South try to remedy this situation by using "y'all", to overcome an obvious deficiency in our language (lack of clear distinction between third-person singular and third-person plural), they come off sounding uneducated/rural/provincial.
"The number of suckers born each minute doubles every 18 months."
Re:Forget it... (Score:1)
Fortunately, the school administration understood when the situation was explained to them, and so backed off, after we promised that the sender would be spoken to, and punished. (no email for a month).
Now his freind just sends annoying chain letters, and still hasn't learned that Bill Gates is not going to show up on her doorstep with a Disney vacation, a truckload of M&Ms, and 12 juvenile cancer patients that are cured now that she mailed her junk to 20, not 19 of her friends.
"The number of suckers born each minute doubles every 18 months."
Re:Human Rights (Score:1)
"The number of suckers born each minute doubles every 18 months."
Re:Forget it... (Score:1)
(example provided as sarcasm, and to illustrate a point - personally I fear my company because I'm aware of their policy, that it's their equipment, and I'm a good little worker)
"The number of suckers born each minute doubles every 18 months."
Re:Let me get this straight... (Score:1)
"The number of suckers born each minute doubles every 18 months."
At my job... (Score:1)
I guess that's the advantage of working at a cosy startup.
My thoughts. (Score:1)
Needless to say, the only filthy things that arrive via email tend to be ads for web sites. Thats all I get and I get WAY too much of it. I would think that those scans would yield endless garbage.
I feel there is nothing wrong with doing this as long as everyone knows. At my father's firm (large construction firm, very conservative), all mail is opened and checked out by the president. When my parents went through a divorce, my dad would talk to the lawyer who was sending faxes 15 sec before he did to make sure he was the one who got it. To prevent office gossip. I find very little wrong with this. Work is work and just that.
Now, I read slashdot, salon, and a few other things every day from work. I take my break time and split it up.
I think that everyone should know about monitoring policies and should deal with it themselves. If you want a personal email, get an account somewhere else.
Re:You don't have the privacy right (nor should yo (Score:1)
Sorry, slipped into Bill Murray mode for a minute....
The legal shit... (Score:1)
This is still a gray area; no case has yet to reach the Supream Court (that I know of) that has provided us an answer. However, the Electronic Communications Privacy Act of 1986 does provide some context (Title 18 of USC, go look up the section for yourself, you can expect me to remeber everything. Chapter II of the ECPA adds to Title 18). And recent state and lower level decisions also give some level of protection to both the Company and the Person.
The ECPA deals mostly with government behavior and monitoring, but it does not exempt the Company from its regulations. There are two areas that are closely related to the Company-Person relationship: (1) where the provider of the comminication service is allowed to monitor the communication and (2) where the monitoring is done in the normal course of business.
The first issue allows the Company to monitor services that it provides. A phone is considered a "common carrier" and is thus protected, however a successful defense had been made in the case where the phone is an extension and the company owns the PBX. The same protection is granted to mail since it is carried by the USPS. However the Company is allowed to search voice mail. Email is also monitorable since it is a service provided by the company (however this obviously does not extend to the idea if you telnet out and read your email on a non-Company machine. The Company would be allowed to monitor your telnet session, but not your email. This is what we have ssh for
The second issue is rather broad. It provides a delineation between business and person communication and implies that business only communication may be monitored. It also provides a defense for excessive targeted monitoring. There has already been successful litigation of this type. (In California, I think) An employee sued his employer for monitoring his phone for 24 hours straight to determine if he was attempting a robbery.
Consent is a very important issue. "Implied consent" is not valid to allow communication monitoring. The courts have held a very hight standard for this. There is one clear case where the company provides an "expectation of privacy" and then violates this. An expectaion of privacy can be anything from explicitly saying that there will be no monitoring to not specifying a policy (yes, that means by default you have an expectation of privacy). The more blurred case, but still non-monitorable is when the Company say the the Employee may be monitored. This does not give consent for monitoring.
The bottom line for a company to be completely safe is to provide a clear policy stating that the person *will* be monitored. The company should not try to monitor what they do not own. The company should only monitor business related communication.
-jason
Re:Get the 'witch hunters' fired... (Score:1)
One or two snail mail subscriptions to fetish mags delivered to the witch hunter at work should get the mailroom people talking too.
Jack
character assassin
Systems Admin's Code of Ethics (Score:1)
This is a wonderful example of an ethical code for Systems Admins. The third paragraph of Canon 1 is especially apt in this instance. It boils down to 'A sysadmin should follow the policies given by the company as law, but should attempt to properly see those laws changed when needed'. UNTIL the policies of the network are changed, the sysadmin should follow them, or explain in writing why s/he believes there may be an issue with the way they are to be carried out. Then, the Systems Admin must make a choice on whether to enforce the company policies until they are changed or refuse at the risk of his/her job. S/he should explain fully in writing the reasoning behind and state EXPLICITLY why and how s/he believe this violates his/her code of ethics, either personally or professionally. That way, if the systems admin does lose his/her position, at his/her next post that systems admin can reference this ethical conflict and back it up with a written statement.
Re:write a script... (Score:1)
Not really. It's rather easy for a firewall to block ICQ. They did it at my old job. Although they never were able to completely block AIM (can choose a random port).
Although I do have to agree that SOME form of chat software would work a lot better. Of course encrypted e-mail, or at least offsite mail would be the best recourse. I personally ssh into my machine at home, and I can get my mail from there.
Re:Phone calls vs. E-mail (Score:1)
Phone calls cannot be monitored because the phone line is considered a "common carrier" and thus not the property of the company.
Wrong!
In the EC within the last month, laws have been drafted to make it mandatory for companies over a certain size to provide unmonitored payphones in an area of privacy. All to do with a legal precident set by some office worker who claimed the company was acting unfairly by not allowing her to 'phone her doctor or something.
IMHO that's a good balance. You can't make personal calls on company extensions, but you do have access to unmonitored payphones in a booth.
It's only a matter of time before this also applies to email here in the EC. British Telecom are already trialling 2,000 email pay booths at train stations and post offices.
--
Re:But when is child porn not child porn? (Score:1)
I always thought moderation on slashdot was supposed to kill "me too" or "first post" type posts and elevate paticularly good points not suppress interesting posts
Legal issues... (Score:1)
It may not seem really ethical to search through *everyone's* email, looking for the few that abuse the system. But it's likely that your company is not using you in some twisted ultra right-wing Nazi sex hunt, but are just trying to cover their butts from the lawyers. I would help them out.
the full-frontal strategy, and the judo strategy (Score:1)
Strategy one.
Point out that it is impractical to scan encoded attachments, especially if they are images.
Point out that users have no control over incoming unsolicted email. Point out that "unsolicited" is tricky to define.
Point out that filtering on keywords is a doomed enterprise. You won't be getting any mail from Scunthorpe, for a start.
Point out that the resource required to implement monitoring could be better spent in improving the workplace in other ways.
Find out the goal. Is it to prevent people goofing off? Is it to forestall harassment lawsuits? Is it control your bandwidth consumption? In the first case, give people meaningful work to do. In the second, educate the legal people to understand how this is outside the effective control of the company. In the third, bill people for email based on your server logs.
Write a 50 page cost-benefit analysis.
Strategy two:
Agree. Tell them that you'll be happy to start as soon as you have a $FAVOURITE_MEGABUCK_SERVER_PLATFORM to cope with the expected server load. Aim high.
Make it too expensive (Score:1)
I see a Catch-22 here (Score:1)
It seems reasonable to this author that one can refuse, on the grounds that the company is expecting the sysadmin to view material that is either distasteful or illegal. No company can expect its employees to break the law to further company business.
It is too easy to get into casuistry, or specious arguments, here. There are legal definitions of what constitutes pornography, so the philosophical question "What is art?" may not apply here. But the corporation should be clear on where the boundaries of its rules and legal rules lie.
Re:Forget it... (Score:1)
Assuming I was not being watched over my shoulder, I would delete anything I found that was worthy for HR to fire someone over, but not something truly moraly offensive (eg kiddy-pr0n). Perhaps I would send them a "big brother/guardian angel" message, to scare the witts out of them.
Of course, not to raise any eyebrows, I would turn in a couple people that did things that couldnt get them fired (like that one guy who is subscribed to EVERY joke list on the net, and insists on sending it to everyone in the company, and maybe the person who had to CC the starwars trailer to 30 people vs putting it on a webserver)
Of course, this is my humble opinion.
:-)
Enjoy,
Mike
Re:Forget it... (Score:1)
*EVIL GRIN*
And now for something completly diffrent...
Mike
(Nothing I say should be taken seriously, as it may cause mental damage)
I'm not sure about the policy ... (Score:1)
Re:Are we moral sensors now? (Score:1)
Does the fact that he can't download any child porn off the net to jerk off to mean that your neighbor will molest your boy looking for his high?
his ? whats this his business? perhaps a large slice of sexual offenders are male, but NOT ALL.
BOFHly Fun (Score:1)
With the proper gifsniffer, you can have hours of amusement seeing how users hide these things. One guy had them all named *.o and *.c; looked like one big code release. Made the mistake leaving an index README file in there, since I didn't recognize the 'package' name and I was curious as to what code was worth him going over quota. I usually just point out to them that they are over quota and here are some directories that would be good candidates for deletion (or archiving to home) - you do it, or I will in two days.
We've had users waste my precious time asking for file restores on their porn. This usually results in the deletion of all their porn and a nasty note. We've also had a user clog to unusability an ISDN link to a remote office with porn. He got a serious spanking for that one, I believe.
Re:what I got away with at IBM (Score:1)
This is unbelievabe! Just five minutes ago I read this on rec.bicycle.misc:
Makes me think of my favorite quote from Hunter Thompson -- "Faster, ever faster, until the thrill of speed blots out the fear of death..."
--
Re:Why porn? (Score:1)
While I can certainly understand the management's fear of sexual harassment suits, let's ignore that for the moment and concentrate on the misuse of company time and resources. Again, I must ask: why single out pornography? Jokes, slashdot, warez, mp3's and a host of other material are not fundamentally different from pornography in any way that I'd consider relevant. Can you rightly consider ten minutes wasted on porn to be worse than ten minutes wasted on "tech support callers from hell"? I say you can't.
Your employers seem generous and reasonable people, but for them to want to decide what is and isn't ok for you to view based on their opinions rather diminishes the quality of their character in my eyes.
--
Why porn? (Score:1)
--
Well, there better be (Score:1)
--
Monitor all of the executives' email. (Score:1)
A threatening atmosphere costs $ in productivity. (Score:2)
Maybe so, but if a company creates a work envorinment where they feel watched all the time and that the slighest wrong movee will bring an axe down on them, their efficiency and productivity will suffer. Quality of work will drop. Losses to the company from reduced productivity may hurt the company more than if they just turn a blind eye to employees web surfing. So long as employees are doing their jobs, let 'em be happy. Happy workers are productive workers. As long as they're not hurting each other (sexual harassment) or hurting the company excessively (downloading 50GB of porn per day), just ignore minor transgressions. They're harmless. No one wants to work for Big Brother and forever live in fear of the wrath of Management.
Company Resources, so... (Score:2)
That said, the company most likely owns the mail server and the computer that you type mail from, as well as the email address you have at work. While the medium on which this goes out is public and cannot be scanned, there is nothing wrong with the company caring about how their server and email addresses are being used. (and as pointed out, this strictly has to be on outgoing mail; Any malicious person can easily send a porn ad to your work email without your consent. Additionally, Melissa-like email viruses must be taken into consideration as well, as too many companies are Outlook Express and Office people).
So if you are working for MegaCorp.com, they have every right to scan the mail on mail.megacorp.com for problematic ones. Not only is that their company policy, but if underpaid_worker@megacorp.com starts spamming bgates@microsoft.com with porn, MegaCorp's reputation can also be tarnished.
The problem is how they approach this. Porn in the workplace is a bad thing to begin with (Shades of Clarence Thomas here), and email is no exception; not only is in inappropriate, but it can lead to sexual harassment suits (In the past, I've seen a coworker talk rather vulgar and get bad glares from other workers, and that person was then talked to behind closed doors). Additionally, that email address is provided by your place of work for work-related purposes; unless you work for a porn place, porn is not work related, much less numbers of mailing lists and such. Many places are lax on that only because all work and no play == low productivity.
However, if the place of work started to demand access to your aol.com account that you paid for, sue the heck out of them.
Anyone that is intelligent enough, IMO, would have a mail account that is for more private things, whether personal communications between friends or porn or whatever, and would only access that from home.
Policy needed (Score:2)
Since that doesn't seem like it's the case where you are, SAGE [usenix.org]'s Code of Ethics [usenix.org] for sysadmins might be personally helpful, at least.
--
Are we moral sensors now? (Score:2)
But by saying it is okay to censor something, even as bad as child porn, we have allowed an infrastructure to be built which lets us watch people and prosecute them for their communications. Just as in the classic slippery slope argument once anyone who looks at child porn goes in jail who will object when they push the line up to 'anal sex with an under 21 year old.' Each step is allowed because who wants to be identified with the small percent who watches 18 year olds get ass fucked?
Secondly while child porn is a bad thing such a massive invasion of our rights to communicate should, like any law, only be enacted if it prevents the violations of others rights? Does the child porn law really do this or only make us feel good about a subject we would rather not think about?
Does the fact that it is illegal to distribute child porn mean that more porn is made b/c the distribution is so difficult? Does the fact that he can't download any child porn off the net to jerk off to mean that your neighbor will molest your boy looking for his high?
Maybe if we only banned commercialization of child porn images less children would be molested. If they themselves weren't going to be thrown in jail we might have more informants on who is doing that actual abusing.
It is possible that the child porn laws and restrictions are a good thing despite their danger to our freedoms (worth the risk). However, the knee-jerk reaction to censor the material without even stoping to think about it is one of the worst reactions imaginable.
Just _warn_ everybody first! (Score:2)
Simple eh?
LINUX stands for: Linux Inux Nux Ux X
If it were me... (Score:2)
The results of this scan should only be seen by a few authorized managers (not even you/me, if possible).
That covers me ethically. The authorized managers, if ethical (and good managers), will make rational and intelligent management decisons on how to act on the results.
My suggestions here: If the offending material is not illegal (not child porn or whatever might be illegal in your municipality) then the offender should be reprimanded privately. If it is illegal, well ...ethics is a tough subject matter ..you're on your own. It is important that all offenders are treated equally though.
Re:privacy advocacy (Score:2)
However, in my opinion, there is no justification for drug testing if an employee isn't employed doing anything that could endanger someone else's life.
I would excuse drug testing if an employee shows impairment on the job. In that case, firing them is justified. This would include alcohol.
him/her --> them, he/she --> they (Score:2)
Once upon a time, them and they were not specifically plural. Why not make them the gender-neutral pronouns? People do it everyday by accident, why not just make it the rule?
At the very least, everyone will understand what you're saying. Nobody should get offended, except for some grammar bigots out there that have close-minded views on the modern evolution of language.
--Joe--
Re:Scan HR's mailboxes (Score:2)
However - this is a sure way to get fired, since everyone is equal, except for those in management, who are MORE equal. Rub the people in power the wrong way, and you'll end up with no reference from this job.
Re:Phone calls vs. E-mail (Score:2)
However, we need to keep in mind the psychological side of authoritarian monitoring. Employees, like teenagers and political dissidents, will rebel against oppressive authority. If they feel trusted, and able to lead comfortable lives, they will produce. If they feel stiffled, they will spend a disproportionate amount of time figuring out ways to thwart their restrictions.
In my company, there is a monitoring disclaimer pinned to every billboard (by every entrance) that states that monitoring is thorough and logged in the event of a tresspass. We do not have Echelon in place, since it would take a large department to pore over the data each day. But, my phone call frequency and durations are logged, my web browsing habits are logged, my entry (via keyed access card) is logged. Perhaps a log is kept of the programs I run during the course of my day...
Or maybe it isn't - maybe this is just the panopticon approach to security. Maybe they cfreate the illusion of mopnitoring to curb people's behavior. I don't know if it works, but I know it does not work on me. I'm typing this from work.
If I get fired for reading
Professional ethics (Score:2)
The way I look at this is that a system administrator has a professional responsibility to to insure the integrity of the systems under his control. This means doing backups, deleting growing log files, installing security patches, and not prying into the private files of others. While it is true that the company owns the computers and the data, you have a professional responsibility to protect the data on the system.
You should politely inform Human Resources that while you have the technical means to perform such monitoring, it would be unethical to do so since you would be risking the integity of the system.
Your monitoring might pry into sensitive company matters, personnel issues, business plans, customer lists, accounting information, and other data you have the responsibility to protect.
I feel that like doctors, lawyers, and clergy, we have the duty to keep things private and to protect data.
--
Howard Roark, Architect
Re:Forget it... (Score:2)
Corporate vs Individual Rights (Score:2)
Look back a few decades. This is what states, schools, orphanages, mental hospitals, and other institutions thought about their property. For the most part, that has changed. Should corporations be exempt from free speech issues? Should corporations have more rights than the individual?
Scan web caches (Score:2)
Of course, it's easier to configure the firewall to log all connections, and then crossreference with a list of known porn sites.
Of course, if they insist on scanning email, be sure to point out that you should set up filters to check for porn access via gopher.
You don't have the privacy right (nor should you) (Score:2)
IMHO, it's the company's e-mail account, network etc. you are paid to work, but at the very least not to mess around with objectionable material that could potentially hold the company liable for if the wrong person gets some dirty e-mail. Don't think that e-mail privacy is your right at work because it's not. If you want privacy go get a hotmail account...:)
Whoever posted Vidi vici veni is genius...
write a script... (Score:2)
then have the script mail the postmaster (if that isn't you) a copy of the offending mail, and they can bring it up to management.
perl is cool.
Do you work for HR? (Score:2)
If not see what you boss thinks of this (assuming
he is not an idiot).
Tell them you bussy and don't have time for witch
hunts. If they keep bothering you (and they are
a bother) stall.
If all else fails find an old line printer and
print out the contents of every mailbox and tell
them you don't have time to go through it all.
So they can.
I wonder if they read MIME
Re:What you should be looking for... (Score:2)
Re:But what do you do? (Score:2)
Jeez, and I thought BOFH was a joke (Score:2)
What to do (Score:2)
I had to deal with a slightly different matter, but also related to the privacy of e-mail in a corporate environment. Here's how I handled it.
#1 tends to work very well. People tend to be afraid of getting called on the carpet later about privacy issues when word leaks out. Just make sure that when work leaks out that you have your personal butt covered.
Send out a reminder first. (Score:2)
--If we added up all of the 2 cents that Slashdot readers gave, I wonder how much sense vs. cents wed have.
joey
What do they hope to achieve? (Score:2)
What do they hope to achieve with this action?
As others have pointed out, individuals can *not* control what others send to them. Finding porn in an inbound mail box legally says absolutely nothing about the character or behavior of that person, and taking adverse action on the basis of it would almost certainly expose the company to legal action. (Consider an analogy to firing any employee who has a flyer under his windshield wiper while parked in a public lot!)
Depending upon how tightly your system is managed, even scanning user directories for pornography and taking subsequent actions can be legally risky. Did the individual download the file himself, or was he set up by an enemy within the company? If it's the latter, if the company takes adverse action it would appear they could be sued for wrongful termination, deflamation, slander and libel!
My advice is to either forget about scanning incoming mail, or simply filter all out such images. You can scan home directories for image files, but mail the user first with a reminder of your company policy regarding indecent material. Only take official notice if someone ignores the notice.
I know the HR department needs to be sensitive to sexual harassment issues in the workplace, but they also need to balance that with the very real penalties that are attached to overreacting. The classic cautionary tale is the individual fired for sexual harassment after repeating a storyline from Seinfeld ("Dolores!"). As I recall, he won a multi-million dollar judgement for wrongful termination.
Some industries *require* snooping (Score:2)
Even if the industry doesn't require monitoring, a company may be required to perform such monitoring by legal action which you're not aware of. E.g., the original poster's company may have been hit with a million dollar sexual harassment suit and the lawyers asked for information about what's in mailboxes as part of a discovery motion. If you, and all other sysadmins "with a backbone" refuse, your company can't comply with the court order and could face dire consequences.
Does this mean that a sysadmim should roll over and do whatever his boss asks, without question? Of course not. But part of knowing what it means to say "no" is understanding what it means to say "yes" -- and I've just listed two situations where no reasonable person can refuse to comply with the order.
Finally, don't assume you can always quit. If you refuse a reasonable order and "quit," your employer can still say you were "fired, for cause (insubordination and dereliction of duty)." If the objectionable order came from a single panicked HR person, the latter characterization couldn't stand much heat. If the objectionable order came from a court order, you better pray that your future employers never check with your previous employers.
Same in the US (Score:2)
However the law presumes that the employee receives his personal mail (of all kinds) at home. Anything that the employee receives at work is presumed to be work related unless the company has formally stated otherwise.
This sounds like a minor point, but it's not. Less than a hundred years ago employers routinely monitored employee's activities (e.g., Ford Motor Company in the early part of this century was especially notorious), and they wouldn't have thought twice about firing an employee for receiving mail *at home* from an "undesirable" party. Today an employee has an extremely high expectation of privacy *at home*.
Let's keep this problem in perspective, okay?! How many people really, really need to send and receive personal e-mail from work instead of waiting until they go home (or go to a cybercafe at lunch)? How many people really, really need to download pornography at work?
"common carrier" (Score:2)
The right to monitor (record) the phone goes with whoever pays the bill. At home, you pay so you decide whether to tap yourself. At work, your employer pays and *they* decide whether to tap their own lines. If you want to make a private call, go use the public phone on the corner. (N.B., *you* pay for that pay phone call.) The presence of a PBX system is totally irrelevant.
Finally, the recordings several other people have mentioned is a courtesy (in most states and all interstate calls) to the *caller*, not to the employee.
Re:Selling our souls for silver and gold (Score:2)
Some people spend a *lot* of time looking at non-work related sites. Glancing at CNN every couple hours is one thing (e.g., I'm sure many parents with children trapped within Columbine first learned of the situation from the web), spending hours poring over the Sports Illustrated or E-Trade sites is another. When productivity suffers, management has to pay attention.
Focusing on porn alone, it's one thing for an accidental porn redirection (e.g., "whitehouse" expanded to "www.whitehouse.com", a porn site) or deliberate viewing after hours and/or in a office with a closed door. It's another thing to leave the material up in plain sight during working hours.
We simply don't know enough about the original situation to evaluate whether it's a reasonable request. Was this a knee-jerk reaction from an HR employee who saw a bit of shock-TV on the _700 Club_? Was it a reaction to a substantial article in an HR journal? Was it a reaction to a formal complaint about sexual harassment due to a "hostile workplace environment?"
Re:Been there, but didn't do it--here's how. (Score:2)
I'm confused, this seriously undermines the rest of your argument. Technicians follow orders, they don't debate them and they certainly don't refuse to do them.
As an example, consider a technician at a Grease Monkey. What do you think would happen if he quietly refused to change the oil in a customer's car? Do you think his boss would simply ask the next one, or would they immediately fire his sorry ass? Do you think any future employer would care why he refused to change the oil?
I think sysadmins fall into a grey area between management and technicians. They aren't management, but management should listen to them when developing policies. If this objectionable policy already existed and was published, and the sysadmin didn't bother to complain about it before, then they'll get little sympathy if they object when it is time to actually enforce it. If this policy is new (or ad hoc) and management refuses to listen to their concerns, then quiting is much more defensible.
BOFH strikes again (Score:2)
These are not all my words I must say, I was majorly influenced by the BOFH expert in my office. Thanks Dave.
Re:France and Privacy (Score:2)
Also, what about the 5000 illegal tappings performed by former president Mitterand himself?
And what about the recent discovery that Paris mayor Tiberi allegedly installed microphones in the offices of all his political opponents?
Why do you think that France waited so long before allowing strong encryption? Well, they waited until the economic loss due lack of encryption would be significant with respect to the fact that communications can't be tapped anymore.
Fighting the system (Add your tips here) (Score:2)
Do you work in a lousy cubicle where you have no real work but have to tap the keys and pretend to be busy? Do you have a clueless boss who only tries to "keep you busy" but who doesn't (and can't) understand what you do?
Obviously, you need to do things to entertain yourself in a stealthy, yet entertaining manner.
What are the best techniques to fight back? (Add your hints, tips, and critiques).
1) A good monitor angle.
This is the best tactic against physical offensive maneuvers from management. The best angle is one which lets you see if someone is coming near you, but which obsures their view of your screen.
2) telnet.
Most places don't bother to monitor telnet. I was at a place that scanned web/e-mail. The first thing I did was login to my ISP's shell account. Once in telnet, I used lynx, irc, pine, etc. to spend the entire day in blissful entertainment. This is one of the best options left.
3) scripts - Really lousy employers count login times, keyboard hits, etc. Automate your work, or your work will make you an automaton.
4) Pre-emptive strikes.
If you have a manager who drops by too often, try going over to his cubicle to give an "update" before he comes by.
5) Easter eggs.
The one in Excel 95 has a DOOM like little game. Try playing it. fun for hours. Hit a key to go back to excel if someone comes by.
6) QBASIC/text based games.
All the usual games are too obtrusive and catch attention. Play a mud, do something in text mode.
Hmmm, that's all I can think of, and the Simpsons are on. Folks, add your own ideas.
Thx.
L.
PS - Oh, one more. Use rubber bands, binder clips, etc. to make funny, innovative devices.
Re:Are we moral sensors now? (Score:2)
They also go too far in what they define as pornographic. Here, the government caters directly into the hands of the puritanical Christian zealots of the "Religious Right", and their "Moral Superiority (patent pending)". There's something seriously wrong with laws that criminalize the great artistry of people like Jock Sturges, Sally Mann, and Graham Ovenden. The way the laws are currently written, a court could interpret an image of Michelangelo's David as pornographic.
I also agree with all those who have expressed the opinion that employers should have the right to censor (yes, censor!) what appears on their networks and workstations. After all, the network, the hardware, the domain name, the IP addresses, the software, and the mail exchange servers all belong to the company. I think a company has as much right to monitor and control what their employees do on company equipent, and during the time they're being paid to work, as parents have to monitor and control what their children do and see (on TV, the 'net, who they hang out with, etc.).
It seems like common sense to me that when I'm at work, I do work, and when I'm on my own time I do whatever the hell I want.
I'm convinced that the primary reason that companies have these crackdowns on people looking at porn, or whatever, is that they're afraid that the government will hold the business criminally liable for letting their employees do it. That's another symptom of the way the laws are written. After all, a pornographic image mailed to me at my work email address resides on the company server, and is thus company property ... for which the company can be held criminally liable, the way the law currently reads.
As far as moral censorship goes ... IMNERHO, it belongs solely and completely with the individual. If you don't want to see porn, don't look at it. If you don't want your kids to see porn, teach them not to look at it. They probably will anyway, though, and you know what? There's not a thing anybody can do about it! (Just look at what criminalization has done to the drug scene.)
Anyway, I'll get down off my soapbox now and prepare to be flamed.
France and Privacy (Score:3)
If they do, they cannot use it as a proof for misconduct, they will be illegal and liable of Privacy Invasion and can be sued.
So come to France All!!!
Been there, but didn't do it--here's how. (Score:3)
If you're valued enough, and good enough at your job this is not a problem. SAGE [sage.org] (SysAdmin Guild), IIRC, has some articles on this and what it boils down to is: nobody is forcing you to do anything. Refusal to do this is defensible. This is a management issue, not a technical one. You are a technician, not a manager.
Don't preach, don't condescend, and don't moralize. Simply and quietly refuse to do it. By not making a big stink about it you cost no-one any face. The first, second or third sysadmin that refuses to do this will make them reconsider, and not even bring the topic up in the future. Sing the company song and in every other way be a team player, just quietly refuse to do this one thing.
PS: Make very sure your own house is clean before you attempt this. If they do find anything remotely questionable in your mailbox, you'll be out in a heartbeat--with good reason.
What you should be looking for... (Score:3)
Pornography is not a big time waister, a couple of peeks to make a employees day better is likely to help both him and the company in the long run. Plus people work faster and better if they can releave some sexual tension every now and then.
If your company has anybody remotely techie you should start checking for slashdot instead. It takes lots of time, but gives very little sexual pleasure (sorry people
The world needs to grow up...
-
Electronic Communications Privacy Act of 1986 (Score:3)
"Amends the Federal criminal code to extend the prohibition against the unauthorized interception of communications to specified types of electronic communications. Prohibits unauthorized access to an electronic communications system in order to obtain or alter information contained in such system."
If anything, you could take the position that intercepting e-mail would violate the above act. It might at least buy you some time while your employer grumbles about lawyers.
I caught my employer reading my email (Score:3)
Regarding your issue, I think you should just do as you're told as far as "looking for porn" but if you find any, notify/warn the employees involved in a subtle manner while telling your employer that you didn't find anything... unless someone has excessive porn that you find bothersome and necessary to notify your employer....
Follow your guild's code of ethics (Score:3)
I would have expected to see a question like this directed to one of the sysadmin guilds you're probably a member of (what, you're not?). If you were a member of SAGE, you would be aware of the SAGE Code of Ethics [usenix.org]. SAGE-AU has an equivalent code [sage-au.org.au].
In the SAGE code it mentions:
So, the bottom line: What do your organisation's policies allow?The usual path for this sort of stuff is to get the managers in question to publish a policy (even if it's something as crappy as voicemail to all employees warning them of the policy and the consequences of breaching it). It often helps to provide a draft policy to get them started down a reasonable path.
Then your tasks are clearly defined. Without a published policy you and your managers are walking in a minefield.
Keep in mind that the published codes are there to protect you as much as anyone else. If a manager tries to force you to act against your principles you have a recourse. As a member of a guild you can point to the published code of ethics and say "sorry, I cannot do that". "And neither will any other ethical sysadmin".
Whatever you do, get your instructions from management in writing.
Fair Warning (Score:4)
Unfortunately, legally the company has the right to do that - and I can't say that I think that anyone really has the RIGHT to be downloading porn on company time, either. If they ask to scan for something like content of email or something, that's fairly repulsive - but if they're asking to do a general scan for jpegs and whatnot, then simply ask that you're allowed to do a warning first, then scan a week later. If it's the first time that the company has tried to enforce a policy it wouldn't hurt to simply re-announce the policy and tell people to expect it to be enforced soon.
It's one thing for a company to check if you're downloading porn or something like that vs. a company saying anyone who's ever used company email for private use is going to be fired, or scanning content of email for comments about the boss or something.
Zonker
The law is irrelevant here (Score:4)
Yes, companies can legally snoop all they want on their employees. They can also demand that everyone piss in a bottle once per day while the company doctor watches, sing the company song, etc. But only people with no talent or valuable skills should go along with such policies. In case you haven't noticed, we are currently in a sellers' market for technical talent.
If you are a sysadmin at a company that demands that you snoop through peoples' mail, and you feel that this violates your ethics, don't go along, and, if necessary, leave. Explain to your employer that, while you agree that it is legal, you feel that it is unethical and you will not participate.
The only reasons companies can force you to put up with this crap is because too many employees don't have any backbone. The reason for respecting employees' privacy is because it is the right thing to do. Exceptions should be made for people who aren't getting the job done.
Scan HR's mailboxes (Score:4)
Web Serfs (Score:4)
If you want privacy go get a hotmail account
And that's not private either (egregious security holes aside), since it's the corporation's data pipe, so watch what you say, Ashley.
This kind of slave attitude is responsible for a long slow slide back into feudalism. "Hey, Lord Bumsenfock is all that stands between you and the Tartars, and this is his land, so actually he does have the right to steal your food, kill your son, and deflower your daughter." There is no logic and no honor in this.
Between bootlicking nonsense and creationism, I'm terrified of how Americans are rushing back to the dark ages.
Phone calls vs. E-mail (Score:4)
No, that's a bad attitude (Score:5)
I read an article yesterday from the WSJ about the practices of Herb Kelleher the wacko CEO from Southwest Airlines. When asked why his company did so well (26 straight years of profitability) he said basically because all of their employees bust their ass at work. Why? Because they love their job. Why? 'Cause they don't have to be stuck up or put up with too much stupid bullshit and are allowed to act like people not drones. Have you ever had someone sing you the safety procedures like Elvis? I did, on Southwest, flying into Memphis.
With the way businesses have to move these days (Service, service, service, it's too easy to change providers) having happy, well-adjusted, comfortable employees is beyond measure. Having scared, paranoid (because they receive a diry joke on e-mail, god forbid), and boring employees leads to that type of company.
Basically my point is that employees are there to get their work done, beyond that stay off their case.
All of this is a big reason why I chose to start my career outside of the corporate environment. I like being told and telling off-color jokes, 'cause they are just that much funnier.
(BTW the notebook example was much more accurate than your handkerchief one)