I have been thinking hard about this since my meet up with my friend last night.
He was griping to me that his boss is a real pain.
Micro managing everything.
I go like... okay... same old gripes each time we meet.
Then something he said caught my attention.
His boss is actually sniffing all his emails. And not just listening to them on his computer. He is also replying to them on his behalf at times as well.
How does he know? When the reply from the sender is cc to him. Looking at the history of the mail, his boss replied to the mail and did not inform him. And the best part of it is, he was not in the mailing list of the mail to begin with!
Then he found out that his boss also keeps tracks of the internet traffic as well. Key logging every computer in the lab and monitoring all the key logs.
That means that when you sign in to the web mail or anything secure site, he knows which site it is. And even the passwords to those site. Cos the key logger logs everything.
He said he found out cos during on of the meetings, his boss mentioned about things that he did not share with the company. Things like his credit card numbers which he used to buy a gift for his girlfriend during lunch for some special occasion.
Is this ethical?
Is it breaking the law to be key logging your own employees?
Are they allowed to even do what they do?
What would you do if your boss were to do the same thing in your office?
[question posted by ahgong]
responses and comments:
If my boss do this,i will tell him 'you are no right to do!',i think it's illegal,fortuately my boss don't do at all [zhaosonghan]
No one is going to laugh at you. There is no reason to. That is your opinion. You are entitled to it. At least I know now that you find it acceptable that your boss can reply to your emails on your behalf. As long as it is related to work rite? [ahgong]
personally i won't use my office email for private stuff. i also won't use my office computer for personal stuff. since the computer belongs to the company, my boss has every right to track my mail or keylog my computer. however, i'd stop at checking on credit card numbers. that is really sensitive information and his boss and no right to record it. key logging per se is not an offence. it just depend on what the person do with the information. if your friend's boss uses his credit card number to buy something, then of course it is illegal. my take on this is your friend's boss is trying to send a message to your friend. maybe he should stop doing personal stuff on office resources. not every boss is like that but maybe your friend's boss doesn't like it. cheers ;p [applefreak]
it's really bad luck to be caught in such situations. however, the law doesn't really protect the general public. looking back at the history of why law was enacted and you'll understand. it was to protect the haves against the have-nots. look at the different offences and you'll come to realise that most are about taking something away from a person. be it money, property, health or reputation, it's about protecting people who have things. guess we'll just have to work harder to get ourselves into the class of haves instead. blink [applefreak]
If he's responding to emails cc to him, he should also send cc to your friend so there's no double sending of information and that it won't appear to the one where the email originated that something is wrong with their relationship. Aside from that, the boss has no right to know the passwords and even snoop on each and every email which are not his concerns. Your friend must inform the HR regarding this to know his rights. It's like opening a personal mail of somebody else. His being boss is just bounded by their work and not on their personal affairs. [spyjob]
If only it was that simple. According to my friend, he is out to make things difficult for the whole team. He and the Project lead are in cahoots! I find the way he manages the team pretty weird. I sure hope my friend is giving me an accurate picture of the situation in his office. One thing for sure, after the recent episode, I am also condemning this company! [ahgong]
I think it is unethical to really track every single transaction you do on the net. I think that is simply wrong that every move of the employee is tracked and password gathering is also very unethical of him. I think taking control of the internet like blocking certain sites so as not to distract employees from their work is acceptable but snooping on everything they have is just not unbecoming of a superior. I guess he is just not a good leader at all. [rsa101]
ha ha ha ha ha... if only it were that simple. Being low on the hierarchy has a lot of disadvantages. And the worst part of it, his boss will definitely take his word over a newbie like my friend. Anyways, I am glad he got out of that job. He is looking at better prospects now! [ahgong]
Geez, is this in SINGAPORE? This is definitely NOT ethical and condemnable! I recognize the need for companies to log certain things - such as sites visited and even emails. I think most companies do it though they don't bring the fact out in the open and bray about it like a donkey that has just learned how to fart. But a line has to be drawn somewhere. For instance, passwords for one should not be logged. If your friend made an internet purchase using his credit card, then that might be logged because the system is just logging non-password information - who knows there is a credit card number there? However, all this information should be analyzed only when an employee is suspected of wrong doing. I honestly can't believe his boss would throw around his credit card numbers casually - that is akin to admitting to theft. If his card was misused, that boss should be the first to be hauled in for investigation. And talking about answering emails on his behalf, that is outright sick. Where lies privacy? And did that donkey hire your friend as a staff or non-human robot? Let me get this right - we are talking about a ahgongfren@donkeycompany.com email? If so, then no one can reply to the emails to this account except ahgongfren! What the donkey did here can only be excused if it was an e.g. sales@donkeycompany addressed manned by your friend. Then it is perfectly fine. I think your friend should talk through the issues with his boss and change things for the better. If he doesn't want to do this or if his request for human decency and privacy is rejected, he should start scouting for a new job. He might also call one of the papers to expose this unethical boss - but that would quite possibly break his rice bowl. [lordwarwizard]
Exactly! The great injustice that was put upon him! I feel for him as well. After listening to his story, it makes me afraid to change job liow. [ahgong]
wow that that sucks. i don't think i could work for a company that does that. i am not on here doing anything like looking for a new job or selling company secrets. but i don't want my boss coming back to me asking me how my son is doing because she read in a email that he was not feeling well. that would really get to me and i would not want to work there [34momma]
Yeah... it does get a little creepy doesn't it? I mean, I understand that a company has the right to track the internet traffic and the emails that goes in and out of the company. But these records are usually not opened to be viewed unless an investigation into suspected fraud or foul play is opened. To have a boss who read and listens to all your network traffic is really scary! And down right invasive IMHO. In fact, I find it totally unethical! [ahgong]
As far as logging websites your friend goes to yes the boss has a right to log that. However, if the boss is disclosing cc info in meetings with other people that is a big mistake. If you friends cc gets hijacked the boss would be on the hook for fraud because he is the one that told people that information. The boss maybe trying to embarass your friend into not using the computer for personal use but that is the wrong way to do it and your friend should go to HR. There are certain things the boss can and can't do. Also, I don't think it is ethical to track passwords or respond to emails using someone else's account, I think you friend should take this evidence to HR because the boss is impersonating him by answering emails under his account name and that is wrong. [barrudaki]
ha ha ha ha ha... I think you got a little mixed up there. The scenario is this. My friend send an email to a colleague of his to make some inquiries with regards to the project. A few mails was exchanged between him and the colleague. The boss was not in the address list during the exchange. Then suddenly the boss replied to one of the emails that was suppose to be between the colleague and my friend. Using his own email address. That is how my friend know that it was the boss that replied to the email. And it was a good thing that he is talking and discussion about work. Can you imagine if they were gossiping instead? Then comes the big slap in the face about the CC. I mean, I know that every company tracks the site that an employee goes to during office hours. But to the point of keylogging the computer he is working on? That I find is too much! Cos usually when you sniff the network, if the site is encrypted, you usually do not get to see the information being sent. You only know that some information is being sent. Unless you tell me it is possible for a person to have ALL the encryption key available in the market, it is near impossible to see encrypted information so easily. [ahgong]
Well it is a little hard to reply to this because I dont know all the particulars but. Most employers do not want or expect you to use the company computers for personal business and actually since the computer in fact belongs to the company and not the individual he has every right to monitor its usage. Most companies put out some kind of notice that the computers are to be used for official business only and everyone knows it really. Just some people tend to use it for their own useage and then complain when the company cracks down on them. Prsonally if I thought the company was doing something like you mentioned I would not use the computer for my own use. Not sure about legality but I think they are completely within their rights to monitor as they see fit particularly if they think the machines are being misused. After all all kinds of things could be going on everything from selling company secrets to espionage activities. How would you feel i something like that happened in your company because the compny did not monitor in any way?? [eeyore39]
Sorry my toungue got in the way of my eye tooth and I could not see what I was saying. LOL I think you said he has found another job. Probably the best thing for him. Unfortunately the boss will continue his evil until someone throws him out the window. [eeyore39]
Unfortunately, we have in many business establishments the belief that the employees' time belongs to the employer and so there are keyloggers often placed on the computers to provide the employer information about what is going on during company time. Typically there is some written notification that is provided to the employees about the fact that the computer belongs to the employer and that there is some ability of the employer to regulate and control how the computer is being used even if the words: "Key Logger" are not used in that written notification. Typically, employers do this kind of thing after some past employees have violated company policy and have used computers inappropriately either by using the computer for personal business which is in most places, a no-no or by sending emails out which negatively reflect back on the company or by wasting time on the internet or visiting porno and other sites which are seen as being inappropriate... Typically the employers do not act like spies without having a problem in the past. It is draconian and frankly, I do not recommend this kind of behavior. I also do not recommend using the work computer at all for personal browsing, etc. without permission and would not ever use a corporate account for emails that are not work-related as that would offer the emails no protection against being picked up and read by my employer. I will say though that if you are using an account like Earthlink or Yahoo or Hotmail or Google and are not using the corporate email account but your own peronal email, the employer must not attempt to check your emails or read them as that would be illegal even if you are emailing on company time. http://www.usatoday.com/tech/news/techpolicy/2008-06-19-privacy-work-communications_N.htm?csp=34 [whiteheron]
That is the very problem. When my friend was hired, no such notice was made. And when he used the computer for his purchase during lunch time. Mind you, it is lunch time. And lunch time is PERSONAL time. NOT COMPANY time. And he did not surf the web for anything other than to find information about work during COMPANY time. SO there is no reason for the company to object. Moreover, he is meeting his deadlines and completing his project milestone according to the time scheduled in the project dateline. So there is no reason to persecute him like that. Also, if there must be a clear distinction between company time and personal time, then this boss is one heck of a donkey hole! Cos my friend also told me he has a knack for eating into your half day leave when you apply for one. For example, if you took a second half of the day off due to some personal commitment, you would expect to leave for your half day off by latest, after lunch right? Given that a typical work day starts from 8, break at 12 for 45 mins for lunch, and ends at 6. This boss will literally come up with some testing or job at the last minute and will hold you back till about 3pm or 4pm before letting you go for your half a day leave! What justice is that? He can eat into the personal time. But the employee cannot eat into the company time? How about overtime due to some tight deadline that is promised by the boss to the customer? Datelines that are impossible to meet if you do not work overtime? Are those considered personal time? or Company time? [ahgong]
I have to say right now that I do know that there are companies that do monitor internet and computer usage, however, I think he should consult with a lawyer about the logging of personal information like credit card and things like that, however, all I can say he should do is report the breach of security to his credit card company and then make sure he never uses a work computer for sensitive or personal work, if he has to do that, he should use a personal computer, or even a PDA or cell phone, or just wait until he gets home. But the boss could have been alerting him tto that he knew, in case there is a company policy that the computers not be used for personal use at all. As far as the work email, I would assume that maybe he felt he needed to control the situation, The logging of personal information like credit card numbers is very disturbing, as if he logs them and stores them then if anyone were to break into the main system, all that information would be compromised. There are no easy answers but I do know this, the law tends to protect businesses and individuals, my wife and I have seen it time and time again. DM [damucci]
Precisely. It is because he is logging and storing the credit card numbers that is disturbing. And consulting a lawyer means money! Something that my friend is not able to afford. So what he did was to cancel the card and re-apply for a new one with a different credit card number. I know that a company reserves the right to monitor the activity of the computer that it owns. But the information collected from this monitoring should not be so freely or loosely accessible to people to read it. Unless there is an investigation into fraud or foul play due to violations of company policies, there should be no reason whatsoever for people to be reading these information collected! Agree? [ahgong]
Actually it is quite legal for a company to track your movements if you are using company time and/or equipment to do things online. However they are not allowed to share personal information such as credit card data or reply to emails on your behalf. Any time you log into a website you leave a "footprint" which can reflect on the company. Security and image is very important to a company. If you are bothered by being "watched" while online then don't do it. Wait until you get home and use your own computer. Unfortunately this is how things are now. [nova1945]
Well, in the context of this discussion, boss was referring to the head of the department. As the department is small, it consist of only the team and the team lead. Which is also the department head. That is why he is referred to as the boss. [ahgong]
it is unethical. we have a right to opur privacy and if he does not want them to use the internet, he should restrict the sites and not put on keyloggers. obviously he has the intention of trying to use the passwords, and the cardnumbers. he is stalking his employees! for goodness sake. i think the employee can charge his boss for this. if this was done to me i will definitely sue him and will have him pay for it. [chiyosan]
Unless you can get your hands on the logs that he see. Or you have evidence to prove your allegations beyond reasonable doubt. Other wise, don't waste money and time. You will never win this in court. It is like an egg (you) trying to take on the rock (the boss and the company). Who will win? No one is going to stand on your side when things go ugly. Especially not for a newbie who just joined the company! Agree? [ahgong]
Actually at work the company has every right to monitor the activities done on their computers. If it is work related or not the boss is privvy to the employees emails as well. Now, were the credit cards his personal card, or expense cards given to him by the company? If it is a personal credit card, the employee does not have to divulge that information to the company. But then again, he is using the companie's computer. A PC is personal if it is yours. At my previous company we were told that our computer usage would be monitored by IT, because we are supposed to be working not doing personal things on the computer. I do not think there is a law to protect an employee who is using the companies computer. A computer at work is a tool used to get your job done, not to be used for personal use. A lot of companies are getting really strict about how their computers are being used. If my boss was to do that to me, there would be nothing I can say or do, because I am a paid employee and must conform to the company policies. I know a company executive who was fired because he was emailing to a co worker love letters. They were able to see his activities at work, and fired him because he was abusing his use on the computer [sudalunts]
That is a little harsh isn't it? Is he reported for harassment or anything like that? Is his emailing of love letters affecting his performance on the job? Why wasn't he given a warning before being fired? I do understand that the company reserves the right to monitor the activities on the computer. But to the point where the boss can extract CC information, that is scary. And to me down right unethical. You are telling me that no one uses the email to surf the web for something other work every once in a while? I am sure there are guidelines on things like that. It is a matter of whether those guidelines are made known to you or not. If it is made known to you, and you still go ahead to use the computer for personal stuff, then you are asking for it. But if it is not made known to you? Does it still applies? [ahgong]
I think it is ethical and okay to keep track of where the employees are going on the internet at work and keeping track of that. I have worked at a few places that say they do that. But reading and replying to somebody elses e-mails doesn't seem right. I don't think that is legal. hmmm...it kinda seems that the boss is stepping over the line and his position of power is perhaps going to his head...If my boss was doing this I would probably ask him to stop. I'm sure that wouldn't work so then I would probably eventually quit. Feeling that my privacy was taken away at a place I feel that it shouldn't be threatened, and with the information he has. I'd be afraid what he'd do with it. [mlhuff12]
Precisely! I am sure there are boundaries to where the boss can go and where the employee stands. And if those boundaries are broken by someone who is higher ranked than you, what kind of recourse do you have? Well, other than quitting, one can only grit their teeth and toe the line till the day they cannot take it anymore. [ahgong]
There are things that are personal and there are things that the company can access. I think he should not use his company email for personal things so that the boss have nothing to see from there. Tell all his friends to send their mail in his personal mail that he will only chech outside the office. I think, this is the time when he should not use the office for his personal mails or transactions because his boss is lurking t his computer activities. [everlasting]
Yep. After he is aware of what the boss can see, he would not even go to the internet for anything. It is either books or local references for what ever he needs. He was telling me while he was working there, he feels like a trapped mouse. Or a fish in a glass aquarium. Every movement is being tracked and monitored. So uncomfortable! [ahgong]
This will be invading ones privacy. I would be furious if this happened to me. In our work each of us have each his/her own computer and our boss never bothers checking it out or going through it. I think it is very unprofessional to do such a thing in trying to meddle with other peoples stuff. Your friend should have sued him for invasion of privacy. [p3halliwel2005]
If only it was that easy. You must get your hands on the logs that he see. Or get people who are willing t testify on your behalf. As a newbie in the company who is sitting at the bottom of the staff hierarchy, do you think he have access to either one? Not that easy to sue even if he wants to. On top of that, it is not a sure win situation. And to spend money on such a jerk knowing that there is a high percentage of loss, why would my friend want to do that? [ahgong]
Wow i think there is some serious privacy invasion there. Unless the company policy is that you should not use the company computer and internet line for anything personal at all. Then i guess everything personal you do online, you can expect your boss to track and know. If you are fine with that, then continue using by all means. this must be quite a small SME. cos i can't imagine anyone talking about credit card numbers of an employee. why would he bring that up in a meeting anyway? how would he bring it up? did he write down the numbers? memorise them? totally weird and bizzare. [squaretile]
Yep. The information was brought up during a staff meeting. And it is scary that the boss has this kind of access to the information that is being used on an internet. And what is more, the site my friend keyed his information in, is suppose to be an encrypted secured site. First of all, it is scary that the boss has this kinda access to the information that is collected from the monitoring on the network activity. Secondly, it goes to show that he is spending his time scrutinizing such logs rather than focus on managing the team and the projects at hand. Thirdly, the wanton disregard for the way the information is used. Even if the boss is trying to warn my friend of the level of monitoring that is being done, he shouldn't be bringing this up during a staff meeting. Telling all the thing he bought for his girlfriend and mocking him because of it. I mean, my friend only did it once. And it is due to the fact that he is trying to rush the work to complete the project in time to meet the date line. AND due to this he is always staying back late to meet the demanding requests. And every time he worked late till all the shops are closed. So he got no other choice but to buy the item online. And due to this one time, he is make a fool of? I feel there should a line drawn between getting the job done and abusing the company resources for personal gain. No? [ahgong]
I would think if this boss person is responding to e-mails as if he is the original recipient of the e-mail then he is committing fraud. Now if there are rules about personal stuff on work computers then your friend could be breaking the work rules and the boss has a right to know that but he doesn't have a right to be collecting passwords or any other personal information on his employees. The employees may need to all get together and report this jerk to his supervisors before it gets any worse. [mlh8087]
Well, according to my friend, everyone who came into the company, left after they found out what the boss is doing. And the boss is sort of next in line after the CEO. So there is nothing much anyone else in the team can do. He also said that according to his team mates, the team has changed a few times prior to his entry into the company. Now that he is out, he is so much happier! And we get to go out to our regular coffee sessions again! [ahgong]
I think while his bos do have a right to know what he does on work computers it has gone too far with the private information. And if the boss cna see it, so cna others and steal his identity, I think he should find otu about his rights in this regards....and be VERY careful what he puts on public computers in the near future [gtdonna]
Well, after that one time that he did use the computer for a personal reason, he never used the computer for the internet again! Be it for work or not, he would rather refer to reference books and local help files than to risk being accused of abusing company resources. [ahgong]
Here in the US, employers do have the right to know what you are doing on their computer equipment. They can, and do, monitor your email usage as well as your Internet usage. But, if anyone were to take private information they came upon while doing that monitoring and either used it or shared it with others, as your friend's boss seems to have done, that is a violation of the law. Not the invasion of privacy, because there is no real expectation of privacy at work, but more of an identity theft or identity violation thing. If I were your friend, if he hasn't done this yet, I would IMMEDIATELY report my credit cards as stolen and get them replaced!! And, then NEVER again use them while on the office computer!! [jerzgirl]
Oh yes, that is exactly what my friend did. He canceled his card totally. Then re-apply for a new one with a different card number just to be sure. And he swore off using the internet there after! Not even to research for work related stuff. [ahgong]
ahgong,i think it is really inconvenient if the boss check our emails.So for me, i always use my personal mail inbox if i contact with my personal friends,not on work.I don't want anyone to check my private information,including the boss if there are no things on work.of course, we have the public working mail daily. Additional, i will set up a personal login password into my computer.so no one can login into my pc except he get the password.lol good luck happy happy [successlog]
I am sure you are not the only one who separates private mails from work mail. The problem is my friend is kept on his toes busy with work that he hardly have time to socialize during office hours. So much so that he got no time to go shop for a gift for his girlfriend for their special day. So he used the computer do make one purchase online. And he did it during lunch time too. Not even on company time! And he was mocked for it during the staff meeting. Which I feel is too much! Don't you think so too? [ahgong]