Whose STUFF IS IT?

A question arises more and more often these days (for no real reason I can understand) regarding the supposed 'rights' of people to use their WORK computers (at their place of employment) to conduct personal tasks with.

I hear that everyone has a God-given 'right' to use their employers' computer system to send and receive emails with - and not only that, but that such communications should be guaranteed the right-to-privacy (from their employers' prying eyes) or at the very least that they should be notified in writing that their employer will be monitoring such communications.

Also, there seems to be some support for allowing employees to load the software of their choice on their employers' computers.

I have absolutely no sympathy for either position, and I'd dearly love to hear everyone elses' take on this subject.

I'll start.

Basic Premise: It's NOT your computer!
(This is so self-evident that I hesitate to even point out the fact that you don't get to take it home with you if you leave/get fired/quit - nor do you get to take your desk or your office home with you under the same conditions - to wit, it is NOT-YOUR-COMPUTER!  

Basics:
(a)You're at  work to WORK! , not to spend time you're being PAID for to send cute little emails back and forth to everyone in the universe.


Taking a chance on exposing your employer to an as-yet un-defined (by your corporate AV) virus or trojan seems the very height of foolishness AND selfishness. These people whom you supposedly work for are putting the bread-and-butter on your table - do you not owe them at least the courtesy of not exposing them to such risk?

You want to install your software on your employers computer?

What in God's name do you think gives you that 'right' to start with?

I see, day-after-day, people infecting their own computers from removable media (CDR's and floppies), because they're not savvy enough to scan them with an updated AV AND AT program before installing something from them - and we want people to have the right to be able to do the same to their employers ?

I'm not even a SYSADMIN (although I'd dearly love to hear from some on this subject), but even  I can see the total insanity involved in going along with these supposed rights that apparently a lot of people think they should have.

Okay - it's now open season on Pete!

Really, people, I want to hear as many of your views on this as possible. Thanks. Pete

 

Ditto on all of it Pete. Probably not a popular position to take but consistent.

I find it interesting that so many take the position that the home computer  "is my property" and how dare any adware or spyware be installed, or someone dare try to compromise it, or control any applications on it.......but the same rule does not apply to their employers' property which they paid for and expect employees to do their 'job' with.

 

Ahmad - Hi! And a warm welcome to you, my friend!

lol! You know, the 'double-standard' facet of it never even occurred to me - but you're right! Pete

 

I must agree on your position.

The work computer IS the property of the employer. Therefore, it is the employer's responsibility, for the sake of network intergrity and to prevent other possible lawsuits to install certain software to prevent unauthorized programs from running, and unauthorized access to take place. An employee could very easily install a program that would open some major security hole in one computer, which then could leave the rest of the network vulnerable.

By keeping track of all emails sent, and blocking access to web based emails, companies also help to prevent company secrets from getting sent out, and from identifing the "culprit" if that happens. Web-based email services open up whole new avenues of *possibly* unblockable sending of company information (at least on the company e-mail server, e-mails with certain keywords can be blocked).

All in all, this is simply for the company's safety. While some convenience is lost for the employees, in many cases it is necessary to protect against the couple, the naive, or just simple mistakes that could cause BIG problems.


My two cents.  

 

For the most apart I agree with the previous statements, but then again I am a 24 year old father and husband.. ex-ironworker and back to college for a Law Enforcement degree who is totally unemplyed for now and doing full time school.
I do understand the safety risks of companies with their computers/networks but on the other hand, if they are going to allow email usage, and will monitor it, they should let the employees know that it will be monitored. If the systems specialists determine that this monitoring is necessary, then anyone who doesn't agree to it doesn't need access to email services. After all, the hardware and the software all belongs to the employer. Basically I think that lots of people don't understand just how bad the security issue really can be with computers, so maybe a little in-house education would be good so that the employees overall have a better idea of why the company does the things that it does and what the real purpose is...
ie.. "If you use our email servers it will be monitored, not because we want to play 'Big Brother' but because we don't want you weenies inadvertantly introducing malware of any sort on to our system that cost more than your house."
;-)

 

Nicely put!  

 

It could very well be in the interest of the company that an employee is able to have some contact (with phone or email) with his/her home front.
Why? That way an employee could feel better, and an employee who is feeling him self better, works better. There can not be any doubt about that.

That virus or trojan could you also get very well while you have email-contact or other internet-contact at your work with other companies you have contact with due to the kind of your work.
You say: OK, but that other company has a much better security-policy than you at home at your own PC.
Well, first you can question how good the security-policy of every company is; secondly, I know of companies who give their employees a free AV for at-home-use.

 

I gave this a lot of thought ... because my first reaction was that it isn't even a debatable issue! I wouldn't think that using your employer's computers for personal email and/or loading your own software (what - games?) would be considered, much less allowed. Or does one expect not to be paid during this time?
OTOH, it occurs to me that there are some who, absent this opportunity, would have no other access to email, and thus it might be a beneficial thing to permit certain limited and monitored email usage (monitored, for the reasons stated above).
However, that said, I would be staunchly in the corner of those espousing strict controls ... not only to protect the system(s), but also to ensure that it didn't get out of hand ... there is ample evidence that this is a distinct possibility.
If my employer gives me a truck, or an airplane, or a boat to operate in the furtherance of his business, I don't think it's reasonable to expect that I can use it at my leisure, maybe install some personal items in/on it, and otherwise put it at risk.

 

I was going to write about a couple of things and fanj mentioned two of them. I have a few more.

1. The telephones at your employer are also not "yours" in a literal sense. But, have we not ALL at one time or another made a personal phone call on the "companies" phone and the "companies" time? Of course we have. Nobody expects a worker to literally "work" every minute of every day. Why is the computer sacred and off limits in this respect?

2. Nobody has mentioned that there are breaks and lunch time which is not the companies time. Has anyone ever complained about using the company telephones to call home, the spouse at work, the elder parent or whoever during those times? Of course not. But for some reason the computer is somehow sacred and cannot be used for the same purposes, just a different technology.

3. Fanj made this point but I'll add to it. The phone has forever been a source of comfort for mothers to call the babysitter, check in and say hi to the husband at work, to call the child at home after school, endless uses of the phone for personal reasons that actually increases the productivity of the worker by making them feel more comfortable with lessened anxiety. Why is the computer sacred again? An email to a spouse at work and reading a reply in return is no different than the phone. In fact, it limits the time compared to the phone because you are not carrying on a conversation. I write and say "hi, you write back and say "thanks for the note see you tonight." I see no problem at all with this.

4. Resentment. The $10 an hour workers are being told and even have their computers wired to inform the boss if it's being used for "personal" business. That can, and does, cause resentment because the suits in their hideaway offices are using their computers and sending private email and you can bet your life on it. But not the employees, they're supposed to be "working."

5. Spying. This is big brother tactics that have no place in our society. I have used the phone as an example. It is simple another communication tool, but do the bosses have the phones tapped? Would you feel comfortable knowiing every word you say on the "companies" telephone was being recorded or listened to live? As shocked as Spy1 is at how he can't believe expect to be able to use their computers for any personal uses, I am just as shocked that he sees it the way he does. It's shocking to me that one would be expected to NOT use it now and then, and just like the phone, unless you're on it all the time, it shouldn't be a problem. The phones are not tapped. The computers should not be tapped and bugged with spying devices for the $10 an hour peons either.

6. Postal Mail. How many of us have used a company pen to write a personal thank you or letter on "company time" and even put it in a company envelope? Of course we have. How would you feel if the mail were screened? How would you feel if the management felt they had the right to open the mail again in the mail room or read over your shoulder at lunch time while you write a postal letter? That would be one sick workplace. Why are computers treated as sacred and it seems ok to put employee spying programs on them to capture every keystroke?

7. Trust and Courtesy. Whatever happened to old fashioned values of hiring people you trust and then trusting them to do their jobs? If they are writing emails (or talking on the phone, writing in a greeting card) and it becomes a problem, you talk to them. Just as always. But to just assume that the people who have CHOSEN to work for you will abuse company time with whatever tool and you feel the need to spy on them, something is wrong from the start with the employer-employee relationship.

8. Corporate totalitarianism. To me, this is the root of the matter. In America at least, I believe we are moving very fast toward a society where the corporation IS America.  If it's good for the bottom line, it's good for the company, employees be damned. If it's ethical, but not good for the bottom line, cut corners and tell white lies, or big fat ones if necessary. Benefits are cut so the bosses get millions of dollars in bonuses. Pension plans get raided while bosses get golden parachutes and getting paid huge sums of money just to LEAVE! In America, look at ENRON and the horrible crimes of that, apparently, totally scummy company. They probably spyed on their employees and that was the LEAST of their worries. I mentioned this before, the bosses can use the computer for personal emails and God only knows what else, but the employee better not send an email to dad from work or they'll be "written up" or at the least, spied on by the big brother corporate chieftans. I call it all Corporate Totalitarianism. A dictatorship of, by and for the rich that run the place and workers are mere cogs in the machines. To be spied on, stepped all over, and expected to be all and give all to a company that we see in America, very few have loyalty to their workers. But using the computer for personal email? Crime! Why not go ahead and tap the phones? Why not open the mail in the mail room to make sure no birthday greetings to a friend were written at work?

This interesting discussion got started because Spy1, Pete, and I had a discussion that included some of these points. I hope he will consider what we owe a company and what a company owes us. Is our desk "ours"? Is our workspace "ours"? We decorate them with pictures of our families and put silly sayings in our cubicles or whatever so, yes, I say it's "ours". Of course not in the strictest, literal sense, but it's OURS. Our phone is our phone. And yes, our computers are OUR computers. Not in the literal sense, but they are ours as long as we work their.  If Pete really believes so strongly about this, he MUST to be consistent end all personal phone calls at lunch hour or any other time, end all writing of mail on company property, tap the phones, reopen the mail. Pete even sees something wrong with having to inform an employee they are being spied on and everything they type is being reviewed by others. I really don't understand the problem witrh that. That's the law in California and well it should be. We are people, not cogs in the machine of the new corporate state. Why is the computer being treated so differently than other modes of communication within the office? Why is the computer being treated as sacred? I say NO to spying and YES to trust, until it is broken and you are obviously no longer performing your job to your abilities. This total ban complete with software to enforce it is ludicrous. I feel as strongly as Pete does on my position as he does on his. I fail to see how he cannot see how wrong it all is. How it is George Orwell's vision with a twist. Instead of the government, it's the corporation. And those two are becoming harder and harder to separate as they join together to do whats good for the elite while the rest of us are to be kept "in line" complete with high-tech methods of spying. I call it shameful.

This is an important issue I agree. And that's my two cents.

Thanks again to my wife, Tracy, for helping me make this readable.

John

 

Interesting thread, which I will be following since I now tasked with writing IT section for the employee hand/policy book! What can you do, expect to do, and expect from your employer with respect to computers at work?

I'm very much on the 'don't do the crime, if you can't pay the time' bandwagon. That doesn't mean that I don't cross the speed limit occasionally or fail to correct a clerk on a wrong price in my favour. But, as someone who has to maintain the (9) systems at work, I don't want folks downloading willy nilly or opening every stupid email that comes their way.

In short, employer's equipment, employer's rules. Free speech, freedom of movement .... within reason, yes!! Freedom to download, freedom to play games.....those belong at home.

Hi, Pete. Nice site.

 

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." - Amendment IV, The United States Constitution (1791

http://www.epic.org/

John

 

Interesting...but the question I guess this brings up is:
"Does what most companies do (i.e. using some blocking software, screening email, etc.) really count as "unreasonable searches and seizures"?

Not to start a HUGE debate, but it seems to me as though the "normal" protections most companies take against threats (by blocking personal tasks, keeping records of emails, etc.) are not "unreasonable", assuming that certain privacy protections are also put in place...

*Braces himself for the downpour of responses*  

 

If the policy is set, Obey it.
If you are not sure,ask.
If you need and exception,put it in writing and get the answer in writing.
If none of the above apply to you, you're on your own.

If you set a policy, consider the employee in all cases
If the policy is not working, change it
If you yourself  could or would not obey it, do not set it.
If you do anyway,you are on your own.

 

I tend to agree that its the employers computer.  Follow policy.

Personally; if I were adminstrator of a lan/wan again I would institute much the same policy as the original msg in this thread intones.  The only exception is that if an employee needs special software that they do a written request for review and installation from the IT department.  If the answer is NO then accept it as law.

I can't count the number of hours lost (in a previous job) where employees downloaded and installed software that trashed the PC requiring a complete wipe and software install as well as trashing a few hard drives.  I firmly believe that an employee should be given at least a day of administrative leave w/o pay for such infractions.  Especially if it trashes the PC.

 

Im not syaing this just to be argumentative... I mean I still don't have a problem with people being able to send emails from work for personal purposes, with the emplyers permission...

However, I fail to see the connection to using company pens/phones etc because there is no security risk to those items. You can't write a letter and get a virus that destroys all the pens in the building... Nor can a bad phone call cause the phones to stop working. The computer networks, on the other hand, are susceptable to viruses, trojans, etc. This places them in a different class because of the possibility of huge financial loss due to network downtime and other difficulties that can be inflicted.

 

This is interesting! Makes you think!

Sending an email to my wife is not going to bring the network down and cause huge financial losses. My spouse responding won't either if the IT dept. has done THEIR job and made sure there is proper antivirus protection in place.

The connection with the pens, letters, phone calls and all was not directly linked in my post as a technological issue, other than it being just a different mode of communication. The point with the letters, greeting cards, telephone calls, etc is a privacy issue and the double standard in place at current corporations who feel the need to spy on their employees.

Another thing is training. All of these doomsday scenarios are coming from the possibility of an untrained employee who could cause problems without ever doing anything personal on the computer. As fanj noted in a post, a virus can be introduced by a corresponding company just as easily as a spouse. That shouldn't be an issue if the IT people have the network protected in the first place. As for a rogue employee, they can wreck your computer and your network if they have the know how. That, again, is the attitude of the totalitarian state, which is spy on EVERYONE because someone may step outside the allowed parameters.

None of these arguments wash, as quite honestly, they are arguments to allow corporate America to spy on employees they trusted enough to hire and the risk of using the computer for personal email slim to none. Now, the executives in the hideaway offices downloading only God knows what   , now THAT'S your threat.

Good thoughts, but I never believe in giving up personal freedoms and privacy for the sake of security or anything else. We could all be perfectly safe if we were willing to submit to a national ID, spying at work, cameras on the corners, etc. but, it sounds a lot like 1970s USSR. And they had little crime to be sure, at a great, great cost. Let's not make the same mistake that will spell an end to workplace democracy and an ushering in of the Corporate Nation, with people, supposedly protected by the democratic institutions being trampled on by power that is all knowing, all seeing and hypocritical. The crimes in the suites are running rampant over our rights as free people. That can hardly compare to emailing mom on her birthday.

Love this forum. You people are all so intelligent and stimulating discussion is such a rush!

John

 

Hi, everybody! Great responses!

John - Quick point-by-point thoughts:
(1) (Very succinctly handled by Detox already). Phone calls and letter-writing at work bear exactly zero relation to the issue-at-hand because you can't hurt your companies computer system by using payphones or pencils pens at work.
(Personal note: I do use either the payphones provided or my cell phone to call home - not their phones).
Tip for you and the wife: Better check immediately with both your jobs and ask someone who knows whether all out-going/incoming phone calls are monitored and recorded (where I work, they are, taped in fact and kept for God knows how long - they also come out every so often and show us the phone logs. All calls [the number dialed and the length of the call] are documented via printouts).

(2) I don't have a problem with someone calling home (from their cellphone/payphone) on their break or lunchtime. Once again, there is no analogy between phone calls and internet use (see (1) ).

(3) See (1).

(4) Agreement, at last! You are absolutely right in one respect - Upper management doesn't suffer from the same restrictions on their internet usage that we peons do - at least not where I work. Yes, it sticks in my craw - however, they also make more money than I do, have their own offices, company vehicles and laptops, expense accounts - if we're going to harbor 'resentment', let's make sure to add those to the list, too, my point being that, like it or not, we're comparing apples to oranges here.
( I have had fun from time-to-time in instances where some unfortunate exec left their computers on while they weren't present - totally against IT Dept. rules to have computer shut down AND password protected - they're probably still wondering where all their bookmarks, avi and sound files went).

(5) I expect to be spied on at work - actually, I expect to spied on just about anywhere other than my own home. Do I like it? No. Is it a fact of life? Absolutely. In reality, there's very little you can do about it.

(6) See (1).

(7) Ask your and your wifes' IT dept. to provide you with printouts of internet usage time (if they will). I think you'll find (especially if their reports are as detailed as ours are at work) that internet/email abuse is rampant. Our reports show the site name visited and the amount of time spent at each site - you would be absolutely horrified, and place Draconian prevention measures into effect yourself if you were the one who had to pay for that internet time. Most businesses of any size have high-speed connections - they are not cheap. So, IMO, you're not seeing "something is wrong from the start with the employer-employee relationship.", you're seeing management/owner response to abuse!

( "Corporate totalitarianism" is way outside the scope of the question here - the question here was "Whose stuff is it?"
Your desk, workspace, phone and computer are not yours, John, it's all equipment provided to you by your company to do your job with, although the pictures, silly sayings, posters,etc. that you bring to work are - that's why you get to take that stuff home with you when you change jobs, get canned, etc.

And, no, I don't have a problem with having people notified about whatever measures their employers use to regulate internet usage - (see (5) ) - actually, it's a great policy to do so, so that there'll be no claims of "I didn't know I wasn't supposed to do that!" (There's a clickable link on every workstation in the plant where I work entitled "Computer Usage Policy" - it's quite detailed and easy-to-understand).

(*) I don't buy the quote from the Constitution in this case - you're not at home, you're at work/it's not your stuff, it'stheir stuff.
Your companies' IT dept is very likely working their butts off trying to keep their OS patched and actively fighting people from the outside who are trying to get in (hackers, corporate spies, etc.). You might want to ask them how much time they have to devote to making sure Joe Blow on workstation #302 is fully protected, both from his own online behaviors and from whatever consequences to the company that behavior may open the system up to. Do you ever talk to your IT people at work, John, you know, kind of get their slant on this?
Perhaps you should.

And, I guess you're not getting this, John, but, yes, if your wife emails you at work from home, and she's managed to pick up a virus that isn't defined yet, and you receive it and it's not defined on your corporate system yet either, then you/she can absolutely bring down your corporate network - it's every sysadmins nightmare.

Just my cent-and-a-half's worth in return. It's definitely been worth everyones' time if it's made them think. Pete

 

Hi all,
No surprise, but I agree for the fully 100% with luv2bsecure!
Thanks John for going deeper into the stuff than I did in my reply!

Pete, of course that is a sysadmins nightmare, sure!
But exactly the same thing can happen when you receive an email from a company with which you have to make email-correspondence. It is the responsibility of your own company to make this risk as low as possible!

 

An email was sent to my boss, fortunately the name was spelled wrong so it was routed to my account. I read the message but didn't open the attachment. I updated my virus sigs and scanned the attachment and it came up clean. But the message still met 5 of my criteria for a possible virus.

I emailed the message to him but explained my reasons why I thought it was a virus and asked him to contact the sender before opening the attachment. Amazingly he did! The person wasn't there, but at the end of the voicemail was a message, "If you're calling about the virus I sent you, my apologies. It attached itself to my address book."

Well,  that made my day! I impressed the heck outta my boss and probably saved myself a heck of a mess. And my boss impressed me by actually listening! All in all, it was a good day.

 

Tweakthis,
would you mind to share your criteria with us (although it might be off topic here, so feel free to start a new thread, maybe in the virus-section of the forum)?
It looks to be a good topic to me!

Thanks!

 

Yeah I would also like to see Tweak's criteria.. of course I haven't checked the virus section yet so I'll hafta go do that.

Anyway I do agree on the part about the executives having much more freedom with the net connections, etc... But what can you do about that? They also have tend to have more rights as far as using company fleet vehicles, etc... Then again they usually are where they are because they've worked to get there. Just because people are in very high positions doesn't make them bad. Sure, sometimes someone gets there because of something crooked or a family conenction, etc...but I think that overall most upper-level execs are there because they know their business and work hard. My father was born on a farm inIllinois and had to milk the cows before he went to middle school in the morning, and he was the first in our family to ever attend much less complete college, and he worked his way up the ladder to become the Chief Financial Officer of a rather large hospital. Admittedly, he isn't so good at using computers at all ;-)

I hafta agre with spy about the constitutional issue... the computer/network/software all belong to the employer and I feel if there is conflict then they are not out of line to tell you "fine then don't use the computers at all any more."

 

oh BTW I hafta add this, I'm impressed this is the first forum where I have ever seen such a long discussion with such differing opinions without people calling names and slinging mud, etc!  

 

Hey detox: I just have to say that's one thing that has impressed me about this forum. It seems like there doesn't seem to be a lot of flaming. Sometimes when someone feels really solid in their position they can sound intolerant without really meaning to, but I don't even see much of that. This is a great place for discussion on all kinds of topics. I haven't even made my way around all the categories! Impressive.

 

Uh... I believe this applies to the employer at the workplace and to the employee at home.

 

I agree with Pete, with the addition of; the rules and surveillance measures, if any, should be published and presented to the prospective employee as conditions of employment.