+ 1 Votes Ditch this client tony 1 year ago How is this different from a virus? I am pretty sure that giving managers the opportunity to spy like this is illegal - maybe not where you are, but in many countries. I recall cases where people have been jailed for spying on partners like this. I am fairly sure that if this comes to light you will probably find yourself on the receiving end of legal acton, possibly criminal, and certainly civi. Here in the UK the simple thing of accessing people's voicemail without their knowledge has sent people to jail and caused huge problems for News International. If you don't have the easy option of walking away from this, at least do the following 1) Insist on having a copy of the organisation's policies on IT and Internet use; make sure that it is dated and signed as being in effect at that date 2) Ask for a written instruction as to which users it should be installed for, and the activities suspected 3) Armed with the above, you can put in appropriate measures e.g. if it is web activity, then there is probably a proxy of firewall that will log things. There are also free tools that will unpick a user's browsing history (this is better because it comes from an authenticated profile - I am assuming that you are talking about a domain based system) I have dealt with two cases, years ago, where there were specific things 1) Inappropriate use of the internet in a sub-office. In this case, I warned (by email) all users in that office that we had performance problems with their Internet that was affecting the business use (they used remote access to head office that was being impacted) and that I would be monitoring internet use for several days, starting ... Two of the people did not change their habits when advised in advance that this monitoring would be taking place (at the router) and were subsequently disciplined (both chose to leave) 2) A more tricky case. A senior manager was suspected of inappropriate relationships with staff and I was asked to make his email available to the CEO. This resulted in him leaving. Incidentally, in one of the emails he said that it was quite safe to use company email because the system admin did not know how to access it. In both of these cases, specific wrong doing was suspected, and the lightest possible measures taken to verify or exonerate those concerns. In the first, people were told in advance, and in the latter, it was to confirm the verbal evidence we had from a number of female staff. If your client does not have clear and targeted reasons e.g. specific company policies or laws being broken, then take local legal advice before you do it, to make sure that whatever you do is not going to land you in jail. Actually, getting good legal advice in writing that you can give to your client stating what can and cannot be done may be the best way of dealing with the situation. This would at least allow you to make it clear what you can and cannot do, and they cannot urge you to break the law on their behalf.