It is likely that over the next few months the great debate on electronic (and probably other forms of) privacy is going to heat up. The war we face may be just as much about electronic information (particularly economic) as anything else. At the very least, that is a contention the government and a number of financial institutions are going to make.
Why write about this on a site dedicated to networking? First, because it is the IT Department who will need to advise their companies on the deployment of monitoring software, be it checking e-mail, hard drive data, Internet activity, or even keystroke capturing. Second, and more importantly, because it is often the networkers who are put into the position of actually monitoring the traffic and the data itself.
Clearly, this is a Bad Thing. It puts the networker into the position of seeing sensitive material. The next time that the company investigates insider trading or some such, someone is likely to realize that this poor soul in the IT Department was privy to the information as well… Next, and more important, it widens the rift between the IT Department and the end-users. That’s something to avoid.
Rogue Tech Support
I have always been a great believer that the MIS folks should be thought of as an elite service group, and not TechnoLords. (I like trying to coin at least one term each editorial.) Where TechnoLords rule, small bands of dissident Tech Support wannabes appear — usually among the staff of the organization. This can be dangerous, since for all their good intentions, amateur techies can cause more harm than good. It also takes away the ultimate authority that you require regarding system resources, installed software, and delayed alerts from the users of your nodes when something appears amiss. You really don’t want unauthorized peer-to-peer networks popping up, especially when there are threats like the Nimda worm around to exploit them. In short, you are no longer in control of your network.
(If you happen to like the idea of having local tech support for workgroups outside of your department, make them trustees, of a sort. Get them to buy into your agendas, and supply them with the software tools they need. These folks can come in handy when you need to deploy people to all workstations, for virus checking or whatever.)
Advise and Content
While it has been made clear by the courts that companies can monitor the surfing activity, e-mail, faxes, phone calls, and even capture every keystroke typed by their employees, it is still debatable how wise it may be to do so, and even further, who the appropriate personnel are to do it.
In a land where privacy is (rightfully) given so much importance, why don’t the courts protect it more? This is not a simple question, and the best answers that I’ve heard seem to say not that the courts condone this kind of snooping, but that there’s currently no constitutional way in which it can be implemented.
Aside from privacy issues, I have always felt that if employees *know* they’re being spied upon, their performance will ultimately suffer. More often than not, there’s a chill factor, and the policy can eventually contribute to poor morale. In more corporate terms, productivity may suffer.
Yet I can understand the some of the justifications that a few companies put forth. For example, in financial institutions, there is great concern about insider tips and trading. Therefore, I think it is necessary for enterprises to deal with their policies in a more conscientious manner, and not just use these techniques because it’s possible.
So don’t allow yourselves to be put into the position of being Big Brother. This is a task for other high-level executives who already have to deal with sensitive information, such as the CFO’s office, or Human Resources. All you need to do is enable them to receive and read the ensuing reports and data. Then your hands are clean, and your relationship with your users isn’t compromised.