General discussion


Spying in IT

By tweakerxp ·
Have you or your IT department been asked or requested to spy on employees, monitor their surfing habits or read their emails? I was asked a while back to setup a users account on their managers system so she could monitor the users emails. I didn't feel right about this. I know it's company property but still felt funny about it.
What's your thoughts on it.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Set up the users's account

by Tony Hopkinson In reply to Spying in IT

on the manager's pc?

Please tell me they weren't logging on as the suspect?

I never use work equipment for anything I wish to keep private for any reason, because it isn't. I consider anyone who does so, naive at best. As to feeling iffy about it, one guy I worked with got done for child porn, never would have suspected him of that, seemed a decent guy, but there you go. How right would you feel if your action or inaction let such a scrote continue.

At our level, short of good advice so as not to contaminate any potential evidence, you just have to take it on trust that the owners have some ethical reason for doing some thing tht implies a huge lack of trust.

Collapse -

Spying ?

by tweakerxp In reply to Set up the users's accoun ...

What happen is this I was asked to setup a Outlook account of a specific user on their managers system. So when the manager opened their Outlook they would see their account AND the specific users Outlook account. It was just like the manager was sitting at the specific users computer. They could see every email that was sent and recieved by that specific user.

Collapse -

Thank Cthulu for that!

by Tony Hopkinson In reply to Spying ?

There's more than a few who've asked this question on here where they have accomplished the monitoring by logging on as the user...

My only quibble would be whether management were explicitly telling their people they were actively monitoring them. i.e. publishing their total lack of trust for their people.

Is there a valid reason for that or is it just someone being a prick.

I know management could do it, so I have no expectation of privacy, so I don't do anything private. If however there is some expectation of privacy, some poor naive twit could be exposing private communications, whether buying somthing on line or a an assignation with the bosses wife to scrutiny.

Better all round if people know where they stand.

Global constant monitoring indicates no trust (quite valid in some situations), clandestine monitoring indicates a total breakdown of trust.

Collapse -


by tweakerxp In reply to Thank Cthulu for that!

Whether the company told the employee(s) or not that I do not know. What I do know is that a couple of the employees WERE let go not long after I set up the accounts for the managers. So I'm guessing here, that managment was just gathering evidence on these employees for something they have or have not done.

Collapse -

Personally I'd be happier with

by Tony Hopkinson In reply to spying?

knocking up an auditted tool where an authorised person could asign themself read only access to a mailbox. Results positive or negative should be recorded and their should be some sot of process involving HR. That way it couldn't be percieved as global spying and negative aspects such as individual harassment could be countered.

There should be a documented reason to commence monitoring, there is no value in it being pervasive and constant in a normal corporate scenario. Tyat's bad for morale and it should be a waste of resource.

Collapse -

Expectations of Privacy

by wookieshaver In reply to Spying in IT

Being partway through my Computer and Digital Forensics degree, I can tell you there really should be no expectation of privacy on a work computer from any employee. Bottom line the employer owns the network and all its components and can do as they wish, and indeed,report their findings to law enforcement.

Collapse -

RE: Expectations Of Privacy

by gmalleus In reply to Expectations of Privacy

Agreed, there should be no expectation of privacy on work computers. I was once asked to compile a list of usernames and passwords so management could log onto employee computers to monitor email. I flat out refused. We came to a compromise and gave management read only access to employee email through the manager's machine.

Collapse -

Your are lucky you still work there.

by melias In reply to RE: Expectations Of Priva ...

Remember what happened to the CCIE in San Fran that refused to turn over passwords? Your situation is not the same, but you still refused a managerial request.

Collapse -


by AnsuGisalas In reply to Your are lucky you still ...

There has to be a reasonable way to do it.
Having a manager be able to log on as an employee isn't necessary, and it's a flucking mess waiting to happen.
No surveillance OP wants write-enabled access, it's just so much easier to mess up when you're able to accidentally or otherwise affect the object of inspection.
And think of the potential for unethical/criminal behaviour that's then enabled. Like, managers doing illegal things through someones account. Either for their own kicks or to frame that person.
Management should be able to see this problem, and should be interested in limiting it's own liabilities in that matter.

Collapse -

Such activities are the duty of a Security Officer --

by Ocie3 In reply to Still...

preferably, one who has a State license as a Private Investigator. But there should be ways to monitor what individual employees do without needing to log-on to their accounts as they do (doing that is, however, usually more convenient). Auditing is a significant security function for a firm of any size.

Much depends upon the work in which the employee, who could be a supervisor or even an "executive" (manager), is engaged. For example, there is not only the employee who effects the payments to creditors or to other employees. There are also the employees who have the authority to command that employee to pay money to an individual or to an enterprise. Every firm has its own procedures and processes which, at least in the larger enterprises, are designed to forestall and to detect embezzlement and fraud, regardless of whether a computer system or network is an instrument. When those procedures are not followed and other undocumented "customary" procedures take their place, danger is at the door.

Related Discussions

Related Forums