Sunday, June 1, 2008

They are watching us

It feels like I was singing again Jem’s They song chorus: “Who are they? Where are they? How can they possibly know all this?”

Who, you ask? Not your over possessive ex-girlfriends or ex-boyfriends, also not your over protective parents, or maybe your spouse? But scarier than that, it’s your own employer and yes that would include the company you’re currently working for.

That would mean if you’re using a company’s computer, then it’s most likely you’re being watched upon. And your employer doesn’t have to tell you that he/she is monitoring your computer, although it would be more ethical for them to warn their employees, so far only two states: Delaware & Connecticut which suppress the law to make employers notify their employees about this.

Companies are not worry if you’re using office resources such as email and telephone line to communicate with your family, husband or wife; talking about the weather or what and where to have dinner. But they’re dead worry about company’s secrecy and top-confidential informations, that are not supposed to go public and heard by anyone outside the company inner circle.

What’s the rush anyway for such secrecy? Why, let’s say you’re Steve Jobs; the Apple’s big-ego-maniac CEO, who wish to announce the new iPhone 2.0 with huge and dramatic announcement later at WWDC. It wouldn’t be dramatic, or it won’t be a surprise anymore if everybody already knew what iPhone 2.0 looks like ain’t it? ;-D

But the hard line of question to be answered is: how far does it go for these companies to invade their employees’ digital privacy and can be justify as legal actions?

Based on Proofpoint survey in its 5th annual study of outbound email & data loss prevention issues, 44% of surveyed companies reporting that they investigated an e-mail leak of confidential information in the past 12 months. Most of large companies with more than 20,000 employees are employing staff to read & analyze the contents of corporate email, thus so far there are 26% of companies surveyed terminated an employee for violating e-mail policies in the last 12 months.

A one good way to secure your private communication is with an encrypted email, like what BlackBerry has done with its email service. But even this has cause a certain problem with Indian government who wish access to these messages sent by its enterprise clients over the BlackBerry service. The BlackBerry security architecture for enterprise customers is based on a symmetric key system whereby the customer creates his own key, and only the customer possesses a copy of his encryption key, RIM said. The company does not possess a "master key", nor does any "back door" exist in the system that would allow RIM or any third party to gain unauthorized access to the key or corporate data.

So far the Indian government had refused to allow an Indian network operator, Tata Teleservices, to offer BlackBerry services until the government was able to intercept BlackBerry messages for security reasons. The talks between Indian government and RIM are still haven’t meet any conclusion yet even until now. Proofpoint also concluded that about 27% of companies surveyed had investigated the exposure of confidential, sensitive or private information from lost or stolen mobile devices in the past 12 months.

Another shocking report from Proofpoint study is that 23% of U.S. companies surveyed said their business was impacted by the exposure of sensitive or embarrassing information in the last 12 months. Now such information can be watched in various ways, not just through email but also include land line and mobile phone communication.

And the time line can expand as far as it needed to be, like what the Germany-based Deutsche Telecom who investigates misused call data records by its security staff that took place between 2005 and 2006. The company said that such records are routinely kept by telecommunications operators about all their clients, as they are essential to the billing process, but details of the calls made on a particular line are usually only made available to the bill payer.

The monitoring doesn’t stop there, the rise of independent bloggers is also considered as new threats by large companies. Proofpoint study found these:
  • 11% of U.S. companies surveyed disciplined employees for improper use of blogs/message boards in the past 12 months.
  • 13% of surveyed companies disciplined employees for social network violations and 14% for improper use of media sharing sites in the past 12 months.
  • 14% of publicly traded companies surveyed had investigated the exposure of material financial information (such as unannounced financial results) on blogs or message board postings in the last 12 months.

It’s not just weblogs and blog forums that are being used as channels for bloggers to post their thoughts, but they’re also using the uprising wave of web social communities. Oh, you know what I’m talking about such as Facebook, MySpace, Twitter, etc.

We’ve been talking about companies who restrict their employees to certain degrees level of conduct, but how about if it all are turned up side down? Like in the case a famous blogger and an avid Twitter user, Ariel Waldman. Where in this situation she’s a user, not an employee of the well known microblogging service company Twitter.

For a quick recap, Ariel is a "social-media insights consultant" who contributes to tech blog Engadget and runs her own site, Shake Well Before Use, about "art, advertising, sex, and technology." And so in the geek tech and on-line circle, she is a sort of celebrity who usually comes with scrutiny and often ugly commentary.

Ariel has been started receiving multiple accounts of harassment from another user of Twitter, who apparently posted through a site that allows users to post as anonymous to the central Twitter account. When the harassment grew worse into 2008, Ariel had asked Twitter to remove those posts from the site’s “public timeline” and Twitter to ban the peculiar user account.

Ariel insists that this harassment is in violation of Twitter’s terms of service that say: users "must not abuse, harass, threaten, impersonate, or intimidate other Twitter users" and that the company "may, but have no obligation to, remove content and accounts containing content that we determine in our sole discretion are unlawful, offensive, threatening, libelous, defamatory, obscene, or otherwise objectionable or violates any party's intellectual property, or these terms of use."

The final response to Waldman's complaint from Twitter co-founder Biz Stone asserted that "Twitter is a communication utility, not a mediator of content," and that "Twitter recognizes that it is not skilled at judging content disputes between individuals. Determining the line between update and insult is not something that Twitter, nor a crowd, would do well."

Now isn’t this a contrast dilemma for all of us? We love using un-policed web services because we feel free to do anything we want in there, but on the other hand what will you do if you’re in Ariel’s shoes? Where you don’t want to abandon the web service you’re so addicted to, and in the same time you wish for a bit more advanced management to the web service you’re using. Just like what Ariel Waldman has wrote: “Anyone can use Twitter to consistently harass you and ruin search results for your identity, and Twitter won't execute any means of community management."

If you’re into law and order in social networking like that, then you’re in luck. Because Europe's top Internet security agency, ENISA, called last Tuesday for new legislation to police social networking sites such as Facebook and MySpace.

The executive director of ENISA Andreas Pirotti said there is a "crucial need" to raise awareness about how social networking sites work. Few people realize that they can be offered up as friends to people they don't know. Also, many people don't realize that it's almost impossible to erase material once it has appeared on the internet. He soon added: "Internet security is extremely important, considering how much business takes place online now. We don't want infrastructures to be disrupted, we don't want a digital 9/11 to happen.”

But again another digital on-line security emerges as policing such private informations from the net is to become a legal law in the future, since it’s not only users and employees who have to be watched over. Because the employers and companies are also using these new digital techniques to search for their employees’ private infos by using web services such as Facebook, MySpace, Twitter and Google.

“Googling” someone on-line to check on his/her background is so common nowadays, not only because it’s so easy but also because it’s pretty accurate. Using on-line free services from your country’s social service, you can look back records whether they’re good or bad, and worst of all they’ll know your hobby as well.

So for instance; I will probably never going to make it to get a job at Apple at all, not even as the errand boy (a.k.a. office-boy), because I’ve made a lot of jokes on the almighty and great Steve Jobs. Nor, I will not work at Microsoft either even if they do pity me and willing to hire me as its door-man (whose job is to open up the office door for Microsoft’s dynamic duo: Bill Gates & Ballmer)… ;-p

And I haven’t talked about GPS tracking devices, that are being commonly implemented into today modern mobile phones. Let’s just say that you received a new and all shiny iPhone 2.0 from your company, of course you’re over rejoiced since you’ve been wanting for one plus it’s paid from company’s treasury fund not yours. But what you don’t know is that you’re being tracked down with the GPS feature in it, by your own company who suspect you as its rival’s spy.

Okay, I know I’ve been watching too many spy movies lately ;-p Stay safe and be careful my friends, it’s a watchful world out there that’s filled with prying eyes everywhere.

Sources are from:
Your Company Is Probably Reading Your E-Mail, Survey Says (Switched)
Deutsche Telekom under investigation for peeping employee phone records (Engadget Mobile)
RIM Says It Can't Provide E-mail Interception in India (PC World)
Deutsche Telekom Seeks Investigation of Call Data Abuse (PCW Business Center)
Popular blogger ignites uproar over Twitter harassment (Webware)
Employee Monitoring: It's Not Paranoia—You Really Are Being Watched! (PC Mag)
EU Security Agency Wants Social Network Scrutiny (PCW Business Center)
Why I won’t work for Microsoft (CNet News Blog)

[blogged with my Treo 750v]

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)