Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Workplace Privacy: Big Brother Is Watching
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
11/6/2014 | 10:59:52 AM
Re: Is it really shocking that companies are watching?
Agree, @SecOpsSpecialist,at least in theory, as I type on my work computer in my home office, (right after checking my personal gmail).  It is indeed a slippery slope we are on with workplace privacy at home -- as well as in the office!
SecOpsSpecialist
50%
50%
SecOpsSpecialist,
User Rank: Moderator
11/6/2014 | 10:50:39 AM
Re: Is it really shocking that companies are watching?
@Marilyn,


That's a good question actually. Can we reasonably expect that no one is going to do non work related activities on work computers? No. But what we can expect is that if we say that we don't want people viewing adult material on their work laptops, and someone does, we have the reserved right to take disciplinary action against them for violating company policy. As I may have mentioned, there are products out there that can be installed on work laptops to prevent people from going to websites we don't want them to go to. Plus, with logging and log management systems, we can view practically anything on those laptops. By accepting a work laptop, a person is then accepting the responsibility of said laptop into their care and custody. Once at home, if on the work laptop, the person decides to engage in personal activities that are against company policy, technically, the laptop is still company property and therefore is still subjected to the Acceptable Use Policy, even on business trips or in the home.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
11/5/2014 | 3:37:58 PM
Re: Is it really shocking that companies are watching?
It gets more complicated as  more work takes place outside the workplace -- in our homes, on airplanes traveling for business -- or personal reasons. As the lines blur between work and life, how can you tell a person they can't pay a bill online in the office, when they go home and check email at work? 
SecOpsSpecialist
50%
50%
SecOpsSpecialist,
User Rank: Moderator
11/5/2014 | 3:12:41 PM
Re: Is it really shocking that companies are watching?
@dmelnick,

You make an interesting point. The thing that we as workers tend to forget is that the reason companies had to create acceptable use policies in the first place is because something bad happened to the organization. Same reason why the silica packets say "do not eat" and why McDonald's coffee says, "caution hot!". Someone did something, regardless of what it was, caused a problem for the organization and the company had to tighten up what they allowed their employees to do.

Quite honestly, by signing an Acceptable Use Policy, you are, in fact, signing an agreement between you and the employer. I can understand from the employee perspective why it seems unfair that they say "you can't go on Facebook" or "you shouldn't login to your bank account." In a way, the company is trying to not only protect themselves, but protect you as well.

Think about it another way, if the company gets hacked, and the hacker is able to get into the company's credentials, what's to stop them from stealing John Smith's bank account information? It's been logged into the company's system that he's accessed it and therefore, he knows that John Smith banks with ABC Bank and has a username of jsmith252. The hacker can then use that to get access to his bank records. Yes, it seems unlikely, but that's often times what happens.
dmelnick
100%
0%
dmelnick,
User Rank: Author
11/5/2014 | 10:43:13 AM
Re: Is it really shocking that companies are watching?
@SecOpsSpecialist,

You say "People only complain about "privacy" being invaded when they do something that is against company policy on their computer." But what happens when doing anything personal is against company policy. over 70% of companies have Acceptable Use Policies that basically say you cant do personal stuff at work. It seems like we are in a bit of a pickle when the policy is unrealistic. These policies are forcing employees into civil disobedience in a sort of "dont ask dont tell" unwritten policy.
SecOpsSpecialist
100%
0%
SecOpsSpecialist,
User Rank: Moderator
11/5/2014 | 10:17:17 AM
Is it really shocking that companies are watching?
You really have to ask yourself this question: Is it surprising the companies have to watch what it is people are doing? Think about it from this perspective, a company has data that they need to protect, if a person is consistently on Facebook or Twitter, there is a distinct possibility, in the business's mind, that this person could be leaking secrets all over the Internet. So what can companies do?

There's this nifty little thing called URL Filtering, Application Whitelisting and Application Blacklisting which helps to protect the organization. If the organization does it right, they can block social media such as Facebook and Twitter, but leave "professional" sites like LinkedIn available. A business is designed to make money, not lose it. I know when I come to work, I'm being monitored. But the thing is that I also don't do things that I know would get me into trouble. People only complain about "privacy" being invaded when they do something that is against company policy on their computer.

The 20% watching pornography seems like a lot, but quite frankly, it's on the business if they allow it on their computers at all. Products exist on the market to prevent those kinds of things from happening and if the business complains that their users are doing that, then perhaps they should rethink what they actually allow on their work computers.
dmelnick
50%
50%
dmelnick,
User Rank: Author
11/4/2014 | 6:14:42 PM
Re: trust
@Thomas, I agree this discussion is partly about "trust" but I think the real debate is about what constitutes "fair" rules?

@vnewman2, thank you for your comments, I appreciate the way you are working to wrestle with what constitutes fair practices. To your point, our lives have blurred between work and personal and I don't think that is necessarily a bad thing. But accepting that co-mingling leads to a discussion about whether an employee should have any rights to a private live in the workplace. I think the Europeans are out in front of the US in thinking deeply about this important 21st century question from a regulatory perspective.
dmelnick
50%
50%
dmelnick,
User Rank: Author
11/4/2014 | 6:08:23 PM
Re: trust
@Marilyn, I agree the pornography number is surprising, however examples like the high profile EPA users of pornography that led to congressional hearings illustrate the limited controls enforced in many organizations. All the more surprising with the wide availability and maturity of category based web filtering solutions which could limit this type of activity. Pornography often leads to more complicated employer liability risk around creating a hostile work environment/sexual harassment, and in the case of the EPA story child pornography incidents were reference which are criminal. The EU members are not going to protect employees involved in criminal behavior and generally provide for surveillance associated with investigations into employee activity. 
vnewman2
50%
50%
vnewman2,
User Rank: Strategist
11/4/2014 | 5:07:33 PM
Re: trust
Further, here's a little anecdote: During graduate school, I worked part-time as the kid's fitness director at a gym.  If I had a guest teacher come in (let's say for gymnastics), I would sit and read a text book because I wasn't allowed to help (liability) or leave the room.  When the class was over, I would clean up the equipment.  I was wiping things down when my boss and her dad (yeah, i know) walked over to my desk, staring down at the book and whispering.  I asked, is everything ok?

She said, "Yeah, we're just looking at this table."  

I quit the next week. 

 
vnewman2
50%
50%
vnewman2,
User Rank: Strategist
11/4/2014 | 4:59:18 PM
Re: trust
@Thomas - I hear what you're saying but when the rules are antiquated or just obviously don't make any sense, people are going to break them.   Putting all kinds of barriers in place to prevent people from "goofing off" or doing non-work related tasks is near impossible since people can just hop on their personal phone to play games, FB, email, shop, etc.  

The way I feel about it is this: My life does not just stop when I walk in this building.  There will be times when I need to deal with personal issues on the firm's dime.  In the same way, I'm not going to report every second of time I spend checking my work email throughout the night to make sure no one in the office is at a work stoppage.   I feel like it all evens out in the end.

And if my work for day is complete and my projects are current, why can't I go waste some time on Facebook (I don't because that's not my thing, but you get my point).   Or else I could sit here and daydream - you can't police that - yet.   The point I'm getting at is - what's the difference between sitting at your desk drawing doodles and getting on your computer to do bascially the same thing?  I've never understood this kind of mentality.

The only issue I do have is with people who put the entire firm at risk doing stupid things that are outside the confines of their job - visiting rogue sites, circumventing security checkpoints, etc.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...