Who is Monitoring

Who is Monitoring and How?

In 2001, the American Management Association conducted a survey of electronic monitoring taking place in the U.S. corporate environment. Their results show that 78% of companies employ some type of electronic monitoring or surveillance to keep track of their employees activities. 63% of all managers responding said they monitored employee Internet use, 47% store and review employees' email, 15% monitor employee activities through video surveillance, 12% screen and record telephone conversations, 8% review voice-mail messages, 36% said they stored and reviewed employee's computer files. These figures were nearly double what they were when the AMA took a similar survey in 1997. (13)

The sophistication, usability and relatively low cost of emerging electronic monitoring and surveillance technologies are making comprehensive monitoring of the workplace a practical reality. There are five basic categories of electronic monitoring that take place in the workplace, 1. Desktop Monitoring of Computers, 2. Storing and reviewing employee email, 3. Various forms of "packet sniffing" to retrieve data while in transit on the corporate network, 4. Reviewing computer log files, 5. Monitoring telephone conversations, and 6. Video surveillance.

Desktop monitoring software has the capability of monitoring and/or recording every keystroke and mouse-click you make with a PC or intelligent terminal. Every time a user provides some kind of input to the computer, the DMS intercepts that command and either streams it back to the person who installed the DMS or records it to a text file on the local or on a remote computer. DMS had their advent as hacker tools. They were surreptitiously installed on a victim's PC, usually in the form of Trojan Horse applications attached to email. When the email attachment was executed the monitoring application was installed, and transmitted such things as passwords, credit card numbers and personal data back to the hacker. Now DMS are part of the corporate system administrator's toolkit for monitoring employee computer usage. Sophisticated DMS usually consist of a client package installed on the employee's PC or terminal and a console package installed on a centralized administrative server. Some less powerful varieties simply write their collected data to a remote log or email it to the sysadmin's account. From the console, management can, among many other things, read email and using desktop replicating software, built into the DMS, can see any program that is open on the employee's screen. Many comprehensive DMS packages include alert systems which sends a message to the console when the user visits an objectionable web site or transmits text which contains words contained in a list of "unacceptable" terms. Examples of popular DMS are SpyAgent, Spector Pro, WebSpy, Orvell Monitoring 2002. (14) (15)

Packet sniffers can be embodied as either dedicated portable units that plug into a network or software running on a network server. The portable units are most often used for network maintenance, optimization and bandwidth analysis. Employee monitoring versions usually take the form of sophisticated server-based software packages. Packet sniffers work by flaunting established network protocols of behavior. Normally computers are only supposed to read those packets of data which are addressed to them. Packet sniffers, on the other hand, work in promiscuous mode which means they read all the packets which pass by them on the network, regardless of the address. By reading all, or a random sampling of network packets, it is within a packet sniffer's capability to report such data on employee network use as: which Web sites were visited, what content was viewed at the site, whom email was sent to, the contents of that email, what streaming technologies were used and the content streamed and the content of downloads from internet sites or from file servers on the corporate intranet. Packet sniffers are more or less powerful depending upon their placement in the corporate network. If the server containing the packet sniffing software is placed on an isolated department subnet, its information gathering capability will be limited to the packets which travel on that subnet. However, if the sniffer is placed on or in proximity of the network domain controller, as a gateway to the primary corporate router, or at the company's POP (Point of Presence) where it connects to its ISP's infrastructure, its monitoring capabilities will be extensive. Examples of popular monitoring software that uses packet sniffing technologies are Raytheon's SilentRunner and SpyTech's NetVizor. (14)(15)

Computer log files. Computers by their very nature are the very worst "tattletales." As a part of normal operation, computers and computer systems maintain scores of log files which allow anyone who has access to them to be privy to a large quantity of information concerning who has been using a system, what they have been doing, when they did it, and much more. Generally corporate system administrators and their assistants have, or can easily obtain, access to all log files collected within the corporate network and its components. Many employees mistakenly believe that by deleting an email or a file, or clearing a local web cache, they are covering their trail. Actually, depending on the level and nature of logging going on in the network, the trail is probably still there, in whole or part. Log files are maintained , as a default, by Network Operating Systems, Web browsers, Applications, Proxy Servers, and Email Servers among many others. A network server in a state of heavy auditing will maintain logs that tell the sysadmin when you accessed a file, folder or application: if you changed or deleted a file, if you accessed an application and for how long, and what workstation you were at and what account you were logged in under when you did or didn't do all these things. An Email Server's log, by default, may maintain a record of who you sent email to, who you received it from and the exact time you sent or received mail. Proxy Server logs can keep track of every web site you visited during the day, how long you stayed there, what content you downloaded, etc. It can provide this information to the sysadmin in a easily retrieved and nicely formatted report. (14)

Telephone monitoring is and has been pervasive for many years in corporate America. The ACLU estimates that employers eavesdrop on about 400 million telephone conversations annually. As mentioned earlier, the ECPA gives an employer the right to monitor business-related conversations on its own system. The vagueness of this restriction winds up giving the employer nearly free reign to monitor all telephone conversations, since it can always be argued that it takes a few minutes to decide whether a conversation is business or personal in nature.

Email monitoring as stated earlier has been decided in the courts many times in favor of the employer. As long as email is stored on an employer's system, they have the right under the exceptions granted in the ECPA to read that mail. Access to stored email, in most systems, requires no more than an administrator's password.

Video surveillance is growing more widespread as digital video cameras are growing smaller and less expensive and their wireless communication capabilities are growing into the range of 5 to 20 gigabits per second. Also these new wireless cameras are capable of utilizing spread-spectrum and encryption technologies to create truly private video transmissions. These factors, coupled with already existing data communications infrastructures, make it financially feasible for employers to implement intelligent video monitoring systems linked together by wireless transceivers and controlled by network computer systems.(14)