Legality of monitoring networks?

[MazerZA]

My work wants to start monitoring all of the internal networks and what websites we visit. Now I really don't visit any bad sites or download things, but to me this feels like a violation.

Now I know that there are Facebook users (in our company almost no one uses it) etc, but my concern is violations with regards to banking privacy and such things.

Monitoring in any way isn't written into our contracts. Is it legal for them to just do so?

 

[Leostar]

Well it is their time and money is it not? Are you not employed to do their work on their computers? Be glad that you have a job. Me, I would have done this long ago.

I once consulted at a company. All their disk space was used up and overnight programs could not run due to lack of disk space. Upon investigation I found that over 50% disk space was used for hair care products etc that had nothing to do with the company.

 

[Mars]

Who does the network belong to? Them. Its theirs. They have a right to monitor what goes on. As a standard you should not use your work computer for personal use unless agreed on before. This also applies to laptops.

Besides, unless they have some kind of VNC type thing installed onto every computer (that would take a whole nother person to administrate and monitor), they will most likely only monitor what websites are visited and how long you spend there. They should not be able to see the actual content, such as passwords or statements.

Is this about bandwidth or productivity?

In large company's just by spending 1/2 an hour per day on a social site can cost the company a grand a month in productivity for a R10k level employee. 10 employee's = R10k. So while 1/2 an hour is not alot, R10k sliced of your bottom line is.

Now consider that some people spend 2 hours plus? Those numbers can easily go up to 45 or 50k.

 

[gregmcc]

Perfectly legal - its their infrastructure and data and they can do what they like with it. They do have to inform the users that they are being monitored though.

 

[Gadget Man]

I had this issue and had to deal with it. When I employed my staff, we didn't have a "acceptable use of the internet" policy. I initially did not mind, until it started using disk space (mainly backup drives being exhausted) and my normal monthly cap being exhausted early. I brought up the issue in staff meetings, and we agreed that it will be unmonitored, and that private use of the internet will be done during the lunch hour. Very little change occurred, and I then started monitoring with agreement. Very interesting stats. Private sites (including Facebook) being visited at all hours during the day. Sending of large emails with pics, up to 20 MB per mail. I then decided after extensive reading that employers have a right to monitor and take away the privilege of private access to the internet. It was done ... got lots of uphill about me unilaterally changing conditions of employment ... this argument does not apply.

My normal bandwidth use was 3 GB per month ... and it went to 12 GB, with the addition of one extra person. It's not the bandwith cost that matter, but rather that the person must have been spending work time browsing / downloading stuff.

 

[Obelix]

My work wants to start monitoring all of the internal networks and what websites we visit. Now I really don't visit any bad sites or download things, but to me this feels like a violation.

Now I know that there are Facebook users (in our company almost no one uses it) etc, but my concern is violations with regards to banking privacy and such things.

Monitoring in any way isn't written into our contracts. Is it legal for them to just do so?

As long as you use your work's equipment , dont expect ANY privacy. Your company may monitor anything you do without notifying you about it.

And dont be a dolt - your banking is encrypted.

 

[ambo]

my concern is violations with regards to banking privacy and such things.

Banking communications are encrypted along with any other 'https' site. They will be able to see your computer communicating with the banking server, beyond that they will not be able to view any of the content of the communication.

Monitoring in any way isn't written into our contracts. Is it legal for them to just do so?

It is illegal to intercept third party traffic on a network... but they can write terms into your employment terms that they will monitor your usage of company infrastructure.

 

[MazerZA]

And dont be a dolt - your banking is encrypted.

Thanks, toss.

Banking communications are encrypted along with any other 'https' site. They will be able to see your computer communicating with the banking server, beyond that they will not be able to view any of the content of the communication.

What I mean by this is software which allows an admin to physically view what is being done on your desktop?

 

[Obelix]

Thanks, toss.


What I mean by this is software which allows an admin to physically view what is being done on your desktop?

is your password 5 *'s ???

 

[Leostar]

Thanks, toss.


What I mean by this is software which allows an admin to physically view what is being done on your desktop?

Yes there are such software. A Bit like looking over your shoulder. Remember big brother is watching you and we dont do that here Windhoek lager add

 

[MazerZA]

is your password 5 *'s ???

I think you're missing the point here with what I said in my previous post. Yes, passwords are displayed with a • , but not what's in your actual bank account.

But anyways, thank you all for the info - it's been helpful.

@Obelix - thanks for the tiff. Made me smile (no hard feelings)

 

[ambo]

What I mean by this is software which allows an admin to physically view what is being done on your desktop?

My dad's company uses a very useful piece of software that logs the amount of time that various applications are open and the time that each window is highlighted. This is very useful for monitoring productivity and also for generating time sheets.

If they are wanting to load screen capture and keylog apps then I would question if they actually know what they are doing. This would be a serious security hole for the network - nevermind the privacy issues around getting access to (for eg) banking pins and passwords.

 

[Other Pineapple Smurf]

Agree on its company time, company property! Our office has very strict policies on passwords. We all have to use the same password on internal desktops. Everyone is allowed access to your PC - but, we respect each others privacy and as a courtesy we ask before we log in to some elses desktop.

 

[thisgeek]

If there is no previous notice of intended monitoring, the company is required to get a signed acknowledgement that the terms have changed.

The company I am "consulting" for are demoing software called IP Guard. VERY scary what this product can do. Basically you remote deploy an agent to a PC, and from the IP Guard console you can view EVERYTHING that a user is doing, including periodic screenshots. It captures emails, IMs, websites visited, etc. It has tons of information.
NOTHING you do is private.

From a forensics point of view - IE, you need to monitor someone who you suspect is doing fraudulent transactions - it is excellent. But from the perspective of privacy infringement, it is incredibly scary.

 

[Obelix]

@Obelix - thanks for the tiff. Made me smile (no hard feelings)

Gosh