Recently I've been asked to install some software that will allow logging of email from employee's. I don't know what to think of this specifically because I can't see a security risk. IF this was a bank, sure that would make a lot of sense. But this isn't the type of business where sensitive information can easily be accessed.

What are your thoughts on the issue?

11/7/2005 11:32:11 AM

you obviously aren't paid to think

do your fucking job.

(and this has been logged)

11/7/2005 11:35:30 AM

from employee's what?

my thoughts: if it's in your contract that your communications can be monitored, then even though it's dirty, it's legal

if the employees don't know, it could be a lawsuit.

11/7/2005 11:36:56 AM

Quote :

"you obviously aren't paid to think"

11/7/2005 11:44:17 AM

its not fucking "dirty" at all.

its private property owned by the company. The emails on the server are company owned documents.

I see no issue whatsoever with companies logging email.

11/7/2005 11:54:12 AM

i would have no problem with them logging company email

11/7/2005 11:56:32 AM

i'd probably have a problem with not logging email since it plays such a huge role in many companies (especially where i work)

11/7/2005 11:58:14 AM

I dunno. I guess if we're just talking about internal email, yeah. If they're logging mail you write using outside addresses (ie personal email) that isn't being sent through their email servers, that seems dirty.

11/7/2005 12:05:05 PM

i would assume anything coming to or from the company's addresses, they should already be logged and stored, like on an Exchange server. No problems there - no questions asked. just install the software

are you talking about something that hijacks yahoo/gmail email sent through the company proxy or something?

11/7/2005 12:07:46 PM

your emails belong to them, they can do what they want

11/7/2005 12:15:07 PM

Simple Answer: You have no privacy at work. Anything that is company-owned is subject to being searched/confiscated/etc.. Doesn't mean it WILL, just means the employer has a right to. Make sure you get a policy in writing that details most of that. Make sure current employees sign that policy stating they understand it and all new employees sign it as a condition of employment.

Personally, I remote desktop (as in, like right now) into my home computer to check email, post TWW, etc. I can't do some multimedia things (homestarrunner.com), but I can wait a few hours for that. For most other people, private email is private email ... take the risk/know its not private if you need to check it that badly during the day.

11/7/2005 12:28:26 PM

If you use campus mail for your personal email, you are already subject to this.

http://www.ncsu.edu/policies/informationtechnology/REG08.00.2.php

Quote :

"II. Regulatory Limitations D. The University may examine personal electronic information stored on or passing over University equipment or networks, for the following purposes: 1. To insure the security and operating performance of its systems and networks. 2. To enforce University policies or compliance with state or federal law where examination is approved in advance by a dean, vice chancellor, or vice provost, and either a. there is a reasonable suspicion that a law or University policy has been violated and examination is appropriate to investigate the apparent violation, or b.examination is necessary to comply with a state or federal law. E. Computer Users should have no expectation of privacy in personal material stored by them on the University computing systems when the conditions of subparagraph D.1, D.2(a), or D.2(b) above have been satisfied."

11/7/2005 12:41:14 PM

Everything on the Internet is logged anyways.

11/7/2005 12:52:58 PM

Every company that uses email heavily should already be logging all emails for the purposes of backup.

11/7/2005 12:59:09 PM

well, technically logging is different from backups.

11/7/2005 1:00:56 PM

I think I should have been more specific. What do you think MORALLY about logging email at work. I already log nettraffic because of abuses. I AM paid to think which is why I do what I do, however, part of my job is to be the checks and balances for the company and make sure that technology doesn't get in the way of work.

Honestly would you work well knowing that every email you send out is logged and possibly monitored by the CEO of your company?

Personally i could care less. There's nothing sent or recieved in that email that is of consequence to me. The work environment here is very lax and that seems to suit everyone. Productability is high, there are no issues with people looking at porn. There are no trade secrets to sell. etc. The absolute worst would be financial information about sales and cost figures being sent off. That's all I can think of honestly and though that's a felony... still. Ooo Bill Bob bought a $4000 Marantz reciever. .... great! Now to take over the world!

Legally, no noone's contract has in it that they are subject to having their email logged and such. Mine doesn't at least. Hell i don't even have a non compete agreement for the software I developed.

I'm basically trying to drum up a list of pro's and con's of using the system besides what i found on google.

11/7/2005 1:04:35 PM

Quote :

"I AM paid to think"

Read I AM paid to ask TWW.



That said, the company has every moral right to log your communication. You're using their systems and it is upto them to establish any kind of policing.

11/7/2005 1:07:54 PM

They have every right to do it. If you are worried about it chances are you shouldn't be doing it at work.

11/7/2005 1:34:57 PM

My view on this is dependent on the purpose of said monitoring.

I think that proactively monitoring employees' email and other internet usage at work is a complete waste of company money and resources, if used as a productivity metric. A lot of companies do this, block certain sites, and otherwise play big brother. I feel that a given employee's productivity is going to show up in the quality of work that they are paid to do. If results are below average, deadlines are missed, etc., this is going to be known pretty quickly. Whether that cause is cyberslacking or an inability to perform their duties correctly is immaterial. Additionally, I've always been of the opinion that such big-brothering is a morale-killer and actually hurts productivity in the long run.

If monitoring such activity is purported to ensure security of confidential data, trade secrets, etc., and otherwise ensure that data entering and leaving the company electronically is benign, then I have no problem with it at all.

11/7/2005 1:55:27 PM

^ that's why employees <3 cisco

11/7/2005 2:09:40 PM

If I wanted a professional opinion of security i wouldn't ask TWW. However I'm interested in personal opinions since many students on this forum SPECIFICALLY those in tech talk have gone through courses that teach about these ethical situations. By chance someone might be able to bring up an example for or against it that i might not have seen.

You see, why institute a monitoring technique that you don't need. it's a waste of resources and money.

The monitoring I do is mainly to conserve bandwidth. For instance when I got here the fastest anyone could download was 20kb/sec. I worked with the Cisco router and found out that there was a couple of ips always pulling down a lot of traffic. I went to those user's PC's and removed AudioGalaxy, Kazaa, and a few others. Had a brief discussion with them, out of the bosses earshot and all is well. My intentions are to have a good work environment and I'm not out to get anyone. That's the impression i get that my boss wants to have. There are a couple other people here who don't know much about the technology and want it in place in case something horrible should happen... so that they can prove he/she did it.

By law we have to tell the employees that their email may be monitored. Regardless of how it's put... what kind of message does that send to the employees? What else is being monitored... am I in trouble?

I successfully thwarted the same person from making us log every single url someone visits. I did this by monitoring just them and reporting everytime they went to CNN, some right wing political site etc. Needless to say they weren't happy.

Thanks BobbyDigital for your post

11/7/2005 2:13:42 PM

OT, but what software do you use for your bandwidth/site traffic monitoring?

11/7/2005 2:18:00 PM

Cisco Firewalls come with monitoring tools and you can download additional tools from them. I was using the one that it had (very outdated),

that allowed me to track nettraffic by IP and it puts them in chart format by day, week, month and there were 3 that were doing 12 times as much as the rest. It was kinda obvious.

As far as site hit monitoring they don't have one except for IIS information. I'm just now starting to look for a good one as there will be multiple sites soon and I'll need hit info. That's part of server administratration I've never done oddly enough.



[Edited on November 7, 2005 at 2:24 PM. Reason : Err the IIS logs that I parse is what I mean by hits. ]

11/7/2005 2:23:16 PM

My Dad works for a drug company and they are required to not only log, but they have to keep everything for years. Years.

11/7/2005 2:38:43 PM

Quote :

"^ that's why employees <3 cisco"

You'd be surprised what Cisco logs.

11/7/2005 3:59:20 PM

My second day here (back in '98), i had to download some file from our department server, which was called sarahjane. Not thinking, i hurriedly appended a .com to sarahjane, which took me to some porn site.

I freaked the fuck out, thinking that i was about to be fired, as soon as IT passed that info along to HR. Eventually, i went to my manager, told him what happened, and laughed at me for the next couple of months.

11/7/2005 4:28:35 PM

yeah I have a friend who's going to show me the ropes with the Cisco Router on wednesday. I know a bit but since I was hired as a programmer/some IT, and now my duties have gone to mostly IT I need to learn it well.

Gonna try to beef up my knowledge on server administration too. Active Directory can be confusing as shit sometimes especially when it's with permissions and there's NO DOCUMENTATION.

11/7/2005 5:47:14 PM

the last time I had anything to do with AD (2+ years ago),

there was an over-abundance of documentation. So much in fact, I spent more time looking for what I was looking for than actually reading it.

11/7/2005 5:48:53 PM

MORALLY, the employees of the company should be doing their job. REALISTICALLY, no one will go back and read them unless they have a reason to.

11/7/2005 5:53:42 PM

My Thoughts on the matter-

From a non-moral standpoint:

If there's *not* a security risk here, than I wouldnt introduce one with the potential of someone using the software to get into things they shouldnt if that's possible etc.

If noone's interested in looking at them, why waste the money and cpucycles and storage space to deal with it?

From a moral standpoint:
If you're going to put it on, the employees need to be notified since it's *not* in their contract. Legal documents are *everything*. Just putting it on when noone was told it was going to happen may not get you in trouble in the long run, but it avoids folks throwing a fit and causing hassle.

Since productivity is already high, and the laid back atmosphere works for everyone, why change that without a good reason? If there's no reason to suspect that personal emails etc are detrimental to the employee's work, or that there's a security/privacy reason for the company, dont do it.

11/7/2005 6:57:59 PM

For my company, e-mail logging is a given, and the company reminds its employees every day that they're doing it. They also log all external website you go to while at work although they won't actually look at those records unless you're accused of either wasting time, illegally downloading copyrighted materials, looking at illegal materials (sexually explicit for example), etc. To my company's credit, they POUND this fact into their employees heads to the point that if you go to an external e-mail site, they will pop-up a message reminding you not to violate policy. They don't monitor the e-mail itself however, simply logging that you accessed it instead. Managers also remind their employees to write e-mail carefully and treat each one as a formal letter since not only the company monitors it but also the government for auditing purposes (we're a government contractor, so the government has every right during audits).

The company takes it so seriously, that they sacked the CEO for writing sexually explicit e-mails to a VP that he was having an affair with (he wasn't sacked for the affair itself). This is a big deal considering that my employer is a fortune 50 company.

Personally, I agree with the way they do it: as long as they train you and remind you regularly, then there is nothing wrong with it when you're writing e-mail using your company account. This is especially true if you start writing outside people, especially customers, using your account because then you become a representative for the company.

11/7/2005 7:13:00 PM