Workplace Surveillance
Julie Krol
HPR108b
Workplace surveillance is a
practice that is growing in many companies. A recent survey showed that about
two-thirds of major
It is imperative that the employer sees and knows what his/her employees are doing. The employee can be making long distance phone calls, on company phones, or looking at pornographic sights, on company computers. People do this on company time and not their own time. The company does not like these actions because it is just wasting the company’s time and money. They are paying the employee to do work for them and not to fool around with company technology. Employees also look to see what the workers are doing because they do not want sensitive information to be leaked out to outside sources.
Workplace computer surveillance is growing in companies. Many workers could be looking busy all day, when they are typing on the computer and clicking the mouse everywhere. Really, they could be doing non-work related activities. Such activities include playing solitaire, shopping online, e-mailing, instant messaging, looking at pornographic sights, checking stocks, and gambling online.
Instant messaging and personal e-mailing has become a major problem in the workplace. It is the fastest growing security problem facing firms today, a new survey claims. A rising number of companies are banning IM as a result of the wide-ranging security issues associated with the system. The survey, conducted by analyst firm Meta Group, revealed that five percent of companies have banned email, but sixteen percent now prevent employees from using an IM service at work. Many companies limit the use of email and IM to ensure productivity. "We allow talking to other people within the company but there is certainly no sharing of files or external communication," said Dan Harman, remote access administrator at consulting firm Lewis Group. IM usage has increased in the office for a variety of functions. A side-effect of this is the appearance of instant messaging spam.
Here is an example of what a woman was doing at work. A Labor Department employee looked busy everyday when she clicked her computer mouse and stared intently at her computer screen. But after more than a year of turning in little work, her supervisors became suspicious and began monitoring her activities. They saw that the employee was busy, all right. She had been visiting Web sites that had nothing to do with her official duties. She visited more than 7,600 sites during an 18-month period, according to Labor documents that outlined the case. At her peak, she visited 599 sites in one day, not to mention receiving and storing 13,000 e-mail messages and attachments on her overloaded computer, the documents state.
Is her case unusual? Federal managers say no. They are trying to cope with the ongoing problem of computer abuse, which is costing the government money through lost work time and wasted bandwidth. Although pornographic Web sites are usually cited as a big part of the problem, managers said federal employees have found many other ways to misuse their government-owned computers.
An employer can monitor his or her employees’ computer activities using these three methods; packet sniffing, log files, and desktop monitoring. With these programs, the employer can see what the worker is doing on the computer in real time or what they have done in the past. They can check to see if they have received and sent personal e-mails, if they have viewed pornographic images, or if they have been playing games on the computer all day.
A packet sniffer is a program that can see all the information passing over the network that it is connected to. The program looks at stuff that passes through the network. This is called sniffing. The computer looks at the packets that is addressed to it and ignores the rest of the data on the network. A packet sniffer can be set up in one of two ways. It can be unfiltered, which means is captures all of the packets, or it can be filtered, which means it would capture only those packets containing specific data elements. When the packets that contain targeted information are found, they are then copied on the hard disk. Once the packets are on the hard disk, they can be looked over for specific information or patterns.
Being
connected with the internet means that you joined a network maintained by your
internet service provider (
Desktop monitoring programs can actually monitor every single action taken on a workers computer. This is what makes this method different than packet sniffers. A signal is transmitted every time you give some kind of input for your computer. It can be when you are typing on the keyboard or opening a new application. The desktop monitoring program intercepts these signals and then they are put on the computer at the operating system level or the system administrator. The person receiving the signals can then see each character being typed. With this he or she can replicate what the user is seeing on his or her screen.
A
popular desktop monitoring program is EnCase Enterprise. This is a program
where the employer can see what the workers are doing on their computers. 
They
can also see this in real times. Some things that can be done with EnCase
Enterprise are; viewing deleted files, making a bit-by-bit copy of the hard
drive, doing a keyword search, do a timeline search, has decryption
capabilities, unzip files, crack passwords, and do a MD5 hash.
The third method an employer can monitor the computers is with log files. Log files provide evidence of what you have been doing on the internet. A system administrator can figure out what web sites you have been to, see whom you have been sending e-mails to and receiving them from, and what applications are being use. This is all done with log files. These files can even be found after they have been deleted. Deleting that e-mail or files does not delete the trail of where it can be located.
An employer can prevent certain web
sites from getting onto company computers. This is done through web filter
programs. Features of these programs are keyword blocking (ex. if the worker
types in “porn”, a site containing porn will not appear on the monitor),
pre-set URL (which means the employer can set which sites the workers can go
to), it has bandwidth control (which determine the size of downloads), and web
filters can determine the severity of the warning shown when the person goes to
site they are not allowed to go to at work. Some popular web filter programs
include Websense, Surf Control, Guardian, and Secure Computing.
“Privacy in today’s world is largely illusory,” says Ellen Bayer, American Management Association’s human resources practice leader, “In this era of open-space cubicles, shared desk space, networked computers and teleworkers, it is hard to realistically hold onto a belief of private space. Work is carried out on equipment belonging to employers who have a legal right to the work product of the employees using it.” This does raise the issue of privacy in the workplace. Does this violate the fourth amendment? Not really, because when the employee signs the contract there is a part that says they will be monitored by their employers. Also, it is the employer’s computers, so he or she has the right to know what is going on with them.
There are laws that deal with privacy with computers. One is the Electronic Communications Privacy Act (ECPA). With this law, any electronic communication that is in transit is illegal it intercept, like voice communication. When the electronic communication is stored, like an e-mail being stored on a server waiting to be sent, is not illegal to intercept. Another law is the fourth amendment. This gives people the right to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.
Computer forensics, especially in the workplace, is growing rapidly. More and more people think that they can do whatever they want on company computers. Yet, they might not know that their employer is watching every move that they do. Workplace surveillance is necessary for the company to ensure productivity and security.
Bibliography
http://computer.howstuffworks.com/workplace-surveillance.htm
~This is a web site where it explains workplace surveillance, packet sniffers, desktop monitoring, log files, and privacy laws.
http://www.cybercrime.gov/s&smanual2002.htm
~ This is a web site where it explains what and how you can
search a computer. It gives different examples of what can happen and they also
give cases. It also talks about privacy laws with the computer.
http://www.fcw.com/fcw/articles/2004/1004/feat-watch-10-04-04.asp
~ This is a web site that talks about the employer watch his or her workers
and their activities on the computer. This is where I got the example of the
lady looking at a lot of web sites and not turning in a lot of work.
~ This is a web site talks about how instant messaging is
happening more and more at work. It also mentions how it is a security problem.
It is an article from SC Magazine.
http://www.mondaymemo.net/010730feature.htm
~ This is a web site that talks about workplace surveillance and how more
and more companies are monitoring their employees.
http://www.securityworld.com/library/workplacetech/workplacesurveillance.html
~ This is a web site that talks about workplace surveillance and how more
and more companies are monitoring their employees.