I was intrigued by an article I read in a mag recently. The article was about employers spying on their employees using computers and networks within an organization. A tad bit disturbing I must say, not completely unexpected though. All previous organizations I have worked for were paranoid about security, so I guess I kinda always knew, ” the boss was looking”, when I was working. The article gave some really good insight on the whole matter. Apparently good enough to have piqued my curiosity, at least enough to write about it.
How do they do it? For those who arn’t tech savvy, let’s look at more technical details. Apparently the easiest and the most powerful way to spy on anyone using a computer is by installing a key/data logger. There are hardware and software keyloggers. The hardware ones can be easily seen just by peeking around your computer’s back. They sit between the Keyboard plug and the computer. A software keylogger is a program that logs every key you hit on your keyboard. So all your passwords and website are basically open for scrutiny. A keylogger program is surprisingly easy to write. A programmer like me could probably do it in about a day or so. Google around and you can probably get a dozen free ones on the internet. A data logger is something similar, but more advanced. It maintains a history of data interactions including keyboard and mouse. Dataloggers are often more difficult to write. However, don’t be mistaken, such programs are available. What’s more such programs are available from professional software development companies focused on security, and you might have one running on your PC right now! No, most key/data loggers are not caught by spyware or antivirus programs. Don’t bother trying it. So if there is one running on your work PC, there is a good chance you have no knowledge about it.
Spying using keyloggers is pretty easy, however that is not the only way an organization can spy on employees. Your email is also subject to scrutiny. If you are using your work email address to send personal messages to friends and family or maybe sending insults about your boss to your friends, there is a good chance they have already been read. Don’t expect to get a raise very soon! It’s child’s play to archive emails from a message queue on a mail server and those can be read during weekends or holidays. Forget about even reading all of them, the system can be configured to run a automatic script to isolate mails that have specific words or phrases. Your laptop isn’t spared either. If you do dock it in when you come to work, it leaves a door open for the sysadmin to logon to your machine and install whatever he/she wants, and if for some reason it has had a recent unexpected trip to the IT department, you probably should be asking the question, “why?” right about now!
Pretty much anything can be monitored, from the sites you visit to the friends you chat with. If you think your organizations is a little bit over protective about security and probably doing it, rest assured, they are! So the ethical question to ask is, are such organizations violating employee privacy? Is spying on employees even allowed? You will be surprised to know the answer! It is! There is no explicit law that forbids employers from spying on employees. Privacy laws are pretty murky when it comes to something like email and chatting. True, no one can barge into your house and violate your privacy there, but your workplace isn’t your house and anything said, written or emailed doesn’t explicitly fall into the category or personal privacy. There can also be serious legal complications associated with seemingly innocent practices. For example forwarding pornographic material in an email can be subject to sexual harassment lawsuits. Even seemingly innocent jokes, that are generally forwarded at a click of a button can be taken to be racist or radical remarks. Copying or emailing copyrighted material can land you in jail, even if you were to do it innocently.
As technology advances so does the need for organizations to protect themselves. Having personal data of an employee on office machines can lead to complications for the organization. With visuses and data mining rampant, organizations are left with little choice but to have more and stringent monitoring policies. I for one believe, organizations should make their policies clear. If they do want to monitor their employees, then there is no harm in letting people know. Spying secretly is not very well appreciated by anyone. It leaves people rather distrustful of the management and the organization. However, rest assured spying at the workplace is all too common. It is here to stay. So the next time you have and urge to forward that great joke or poke fun at your boss, remember “Every breath you take, Every move you make …..”