
Re: Time to Use the GNU Open Encryption Tools

Roy Schestowitz wrote:
> __/ [ Rex Ballard ] on Thursday 08 June 2006 01:52 \__
> > Larry Qualig wrote:
> >> Roy Schestowitz wrote:
> >> > __/ [ Tim Smith ] on Wednesday 07 June 2006 07:32 \__
> >> > > In article <1934430.8ha3m8QcCt@xxxxxxxxxxxxxxx>, Roy Schestowitz
> >> > > wrote:
> >> > >> ,----[ Quote ]
> >> > >>| According to a new study, about a third of big companies in the
> >> > >>| United States and Britain hire employees to read and analyze
> >> > >>| outbound e-mail as they seek to guard against legal, financial or
> >> > >>| regulatory risk.
> >> > >> `----
> >> > >
> >> > > Using encryption would be a big risk.  If they are reading the
> >> > > outbound mail in order to satisfy regulatory obligations, or to
> >> > > protect themselves against legal and financial risk, then they will
> >> > > simply tell the sender to provide
> >> > > the decryption key.  If the sender refuses, that is likely grounds for
> >> > > termination.
> >> >
> >>
> >> > _ALL_ E-mail should be encrypted. Read the following:
> >>
> >> Feel free to encrypt all the *personal* email you want. But when
> >> working at a company, and using company computers, company bandwidth,
> >> company premises and on company time it is the company that will decide
> >> what software you can have on your system and whether or not you are
> >> allowed to encrypt email.
> >
> > And if you are ever challenged as to your use of these things, you
> > should then pull out your "real" time sheet, the one that shows the 60
> > hours/week, the 20 hours of commute time, the 10 hours/week spent on
> > "administrative" tasks, and of course the 20 hours/week that you have
> > spent on training to stay at the top of your game.  Maybe they'll even
> > pay you for the 10,000 worth of overtime you've put in over the last 5
> > years.
> >
> > Maybe they'll even help you get it from Microsoft.
> >
> > But I wouldn't hold my breath.
>
>
> Good point.
>
> If someone wants to gain insight into what I write or read, s/he can ask me
> nicely and I will open up. Doing this behind my back is not something I
> happily accept and a company that embraces the approach of arbitrary
> snooping is not one which I am keen to work for. Likewise with companies
> that decide that's good for me. Fortunately, I often seem to prosper in a
> more enlightened environment whose use of software encourages diversity. My
> Supervisor has always been using Windows and he has respect for Linux, as
> well.

If you use Windows, there are some very easy ways to see your inbound
mail, even ways to get your PGP or GPG private key. Once that key is
obtained, the corporation can read your e-mail.  Normally, a
corporation will give you a personal account with administrator
rights, but they will also create an account which the corporation can
use to access your machine's hard drive.

Even corporate Linux systems are generally configured so that the
corporation controls the root account; power-users are given "Wheel" or
"sudo" accounts.

> Since you (Larry) used to work for Microsoft, I don't expect you to
> understand my last paragraph or assimilate to any of the sentiments of
> Openness expressed therein.

On the other hand, it is important to be aware of the concerns that
corporations have about their company's resources.  If you are using
encrypted e-mail to cover up other illegal activities, such as
embezzlement of funds, theft of corporate property, dissemination of
company confidential information, or passing information to
competitors, they have every right to know.

Keep in mind that in Wall Street firms, they hire janitors who speak
absolutely no English whatsoever.  If they find out that you can read
English, they pull you out of those firms.  These companies have to be
extremely careful to make sure that people don't see the notes of a
fund manager, pick through the garbage of a large institutional
investment fund, and pass on information about what these people are
about to buy or sell.

Some companies require that a manager be on the call whenever one of
their subordinates is talking directly to a client.

Most companies watch every inbound and outbound telephone call.  Some
even provide the cell phones to their employees, so that they can know
who is being called on the cell phones.

Companies give their employees corporate credit cards and require them
to use only that card for airfare and hotel expenses, so that these
expenses can be monitored, and the exact location of an employee can be
monitored.

Most companies have security cards which monitor every entry into the
building, and sometimes even into the office.  In many cases, the
bathroom, lunchroom, and vending machines are also located externally,
so that all such "visits" can be monitored.

Some companies even monitor outbound traffic, noting when an employee
leaves a secured work area.

Many companies have video cameras with video recording for as much as a
week.  If something is stolen or a crime is committed, these cameras
can be used to help identify possible witnesses and perpetrators.

And you think it's unreasonable that the company be able to decrypt
private e-mail that could contain expense report codes, credit card
information, conference call numbers, and other company confidential
information?

There is a pretty simple solution.  You can request your PGP key from
your employer.  This would allow them to check your e-mail, but would
give you the security to prevent hackers and unauthorized observers from
viewing confidential mail.  On the other hand, the company can comply
with legitimate court orders related to communication from their
networks.

> >> There are often good reasons for policies like this. Security,
> >> accountability and government regulations are frequently involved.
> >> Anyone who disagrees with these policies and believes it's their god
> >> given right to encrypt their outgoing email is free to seek employment
> >> elsewhere.
> >
> > Actually, if you illegally publish copyrighted material, insider
> > information, or other illegal publications, you will NOT be free to
> > seek employment elsewhere, because you will be spending your time in a
> > federal prison, in military service, or in a nice resort just south of
> > Florida - Guantanamo Bay - possibly without trial, and possibly for an
> > indefinite period of time.
> >
> > Copyright violations - 5-15 years depending on the material illegally
> > published.
> > Insider Trading Information - 3-25 years depending on related damages.
> > Information facilitating a felony - 2 to life, depending on the felony
> > committed.
> > Facilitating Terrorist Acts - Immediate trip to Guantanamo Bay.
> > Keep in mind that any relationship to drugs, including Heroin, Cocaine,
> > Marijuana, or Hashish, would be a terrorist act because under the
> > patriot act, this would be helping to fund terrorist organizations.
> >
> > Keep in mind that federal court judges have very little discretion, and
> > there is no parole.
> >
> > Disclosure of classified information - 10 years per offense, if you
> > make it to trial.
>
> None of the above intersects with anything that I will ever do or have ever done.

But with no way of legitimately decrypting your communications in
compliance with a legitimate court order makes it impossible for them
to prove that you are not engaging in those activities.

> My interest in privacy is partly ideological and, in part,

There are legitimate situations where your privacy is limited.  Court
ordered searches, court ordered disclosures, proper police
investigations.  Failure to comply with legitimate court orders and
legitimate investigation could constitute obstruction of justice.

In most cases, court orders requesting such things as all emails
between the people in your organization or division, and another
organization can be filtered and provided to the court without any
actions on your part.

When you start sending indecipherable transmissions, the company has to
engage in much more substantial expenses to comply with these
legitimate court orders.  They might even have to interact with you
directly as a last resort.  When such interaction is necessary, it
could warn actual perpetrators that an investigation is taking place,
driving them into seclusion.  Of course, they would probably also be
using encryption as well, and they would be using it to encode truly
illegal or unethical behavior that could impact the outcome of a
lawsuit, government hearing, compliance investigation, or even a
criminal investigation.  And your privately encrypted notes to mom and
dad will waste millions of mips-years of computing time - only to crack
worthless messages.

Meanwhile the perpetrators, now alerted to the problem, could make sure
that all emails sent and received, as well as those sent and received
by co-conspirators, are completely erased, with all traces removed.
They might even write random garbage then re-image their hard drive.
Thanks to you, a securities fraud will wipe out the pensions of
thousands of elderly pensioners, an embezzler or industrial spy will
collapse your company's most valuable and strategic information, a
serial killer will get 2 more victims, or a child molester will have his
way with other children, just because you diverted attention and
alerted the perpetrator when the investigators had to focus their
attention on you.

> I just don't need people reading everything I write to family and friends.

Most people don't really care what you write to your family and
friends.
Why do YOU care so much?

Keep in mind, I'm not saying I'm endorsing unwarranted snooping.  As I
pointed out in my earlier post, there are criminal penalties for
improper disclosure of private information found in e-mails.  Even when
your e-mail is searched, the search is carefully designed to limit the
number and type of messages read, and to limit the stuff that actually
needs to be reviewed manually to that content most likely to be
actually required by the court order being enforced.

If you write a letter, describing your favorite sexual fantasy to your
wife, and an e-mail administrator improperly discloses that information
to your coworkers, you can sue the company, and the company can
criminally prosecute the administrator.


> Best wishes,
>
> Roy
>
> --
> Roy S. Schestowitz
> http://Schestowitz.com  |  Open Prospects   ¦     PGP-Key: 0x74572E8E
>   7:55am  up 41 days 13:28,  11 users,  load average: 1.48, 1.38, 1.06
>       http://iuron.com - knowledge engine, not a search engine

