Forgot your password?
typodupeerror
Businesses Communications Security IT

When Big Brother Watches IT 234

Posted by samzenpus
from the cc-me dept.
bdking writes "In an effort to protect sensitive data from internal security threats, some organizations are 'using new technology to look at the language of their IT staff's emails to determine whether their behavior or mind-set has changed,' the Wall Street Journal reports. Is secretly spying on and linguistically interpreting employee emails going too far in the name of security? From the article: 'I understand the need to be aware of the attitudes of workers with high-level access to data and networks, but this strikes me as creepy. What if an IT employee suddenly has relationship problems or family issues? Will they then be flagged by HR as potentially troublesome or even a data security risk? And all without them even knowing there's a dossier being created of them and their "suspect" behavior?'"
This discussion has been archived. No new comments can be posted.

When Big Brother Watches IT

Comments Filter:
  • Prevention cheaper (Score:5, Informative)

    by Tablizer (95088) on Sunday April 15, 2012 @04:26PM (#39695291) Homepage Journal

    Wouldn't it just be cheaper to not treat workers like shit?

    • by Anonymous Coward on Sunday April 15, 2012 @04:28PM (#39695301)

      Wouldn't it just be cheaper to not treat workers like shit?

      This one's going on the list.

      • Re: (Score:3, Insightful)

        by durrr (1316311)

        If us bosses don't monitor the minions, how then should we know when they're onto our kickback schemes and other fraudulent privileges they are not entitled to know of us having?

    • by JosephTX (2521572) on Sunday April 15, 2012 @04:38PM (#39695359)

      you're confusing those types of bosses with people who see you as something more than an exchangeable cash cow.

    • by alexander_686 (957440) on Sunday April 15, 2012 @05:08PM (#39695531)

      It’s one of odd things – how do you monitor employees without draconian controls? I think the trust of these programs is not that they can detect fraud per say, but rather they can identify people and situations which generate extra temptation. It does not matter how well you treat your employees, if somebody develops a gambling addiction (see below) it does not matter how well you pay them.

      Here's another article.
      http://www.economist.com/node/21547833 [economist.com]

      In this case they are talking about detecting fraud with people who have level access to the books – think rouge trades and embezzling employers. However, from the article fraud comes from “incentive, rationalisation and opportunity”. You try to hire competent, well paid staff and put in controls. However, eventually you hit limits.

      From personal experience, I know of a case in my company where a mid level middle age employee who had been with the company for over 20 years developed a gambling addiction. Over the course of 18 months she embezzled over $200,000 from the company via hundreds of transactions. She had been around long enough to know that the individual small amounts would never trigger a review

      I would

      • by PopeRatzo (965947) on Sunday April 15, 2012 @05:38PM (#39695695) Homepage Journal

        In this case they are talking about detecting fraud with people who have level access to the books â" think rouge trades and embezzling employers. However, from the article fraud comes from âoeincentive, rationalisation and opportunityâ. You try to hire competent, well paid staff and put in controls. However, eventually you hit limits.

        One limit you hit is that mechanisms like you describe and like the ones in this article are never applied to top management and the board of directors. So, the ones who are in the greatest position to hurt the company the most are left out of any security regime.

        And if you tried to put such mechanisms in place for the top people, they would all simply refuse, and nobody is there to call them on it, because everyone else at their level has the same attitude. This is one of the biggest dangers of income disparity. When it gets beyond a certain point, the elite "break away" from the social mechanisms and requirements.

        • Re: (Score:2, Insightful)

          by Anonymous Coward

          Those are not only the people in the greatest position to hurt the company, but also those with the greatest incentive not to do so - why hurt a company that is paying you millions of dollars a year? Top management positions aren't that common that one would risk losing one.

          • by Shavano (2541114) on Sunday April 15, 2012 @07:00PM (#39696105)

            Those are not only the people in the greatest position to hurt the company, but also those with the greatest incentive not to do so - why hurt a company that is paying you millions of dollars a year? Top management positions aren't that common that one would risk losing one.

            This flies in the face of reality. In the real world, some top managers develop such an inflated sense of entitlement that they believe they are worth far more than what they legitimately earn, deserve whatever they can take and that they will never get caught when they break the law.

          • by turbidostato (878842) on Sunday April 15, 2012 @07:10PM (#39696179)

            " why hurt a company that is paying you millions of dollars a year?"

            Because they can get even more by hurting them *and* getting their golden parachutes after the havoc?

            • by RulerOf (975607) on Sunday April 15, 2012 @07:27PM (#39696265)

              Because they can get even more by hurting them *and* getting their golden parachutes after the havoc?

              I wonder if I'm the only person who hears or reads "golden parachute" and gets a mental image of a CEO jumping from a burning plane with his company's stock ticker on the side, holding on to a dozen overstuffed briefcases full of cash like he's a modern-day DB Cooper. :D

            • Re: (Score:3, Funny)

              by mysidia (191772)

              Because they can get even more by hurting them *and* getting their golden parachutes after the havoc?

              Until they get caught, and have to repay fradulently taken $$$, lose their golden parachute, and become unemployable.

              • by s73v3r (963317)

                Yup. Except this never happens in the real world. And no one at that level is completely "unemployable". Many high profile CEOs have done shitty jobs, and yet they were still able to find shitty jobs after they left.

          • Re: (Score:3, Insightful)

            Those are not only the people in the greatest position to hurt the company, but also those with the greatest incentive not to do so - why hurt a company that is paying you millions of dollars a year?

            Um, because? Seriously, you make it sound like it's a well considered and rational action of self-destruction to become a gambling addict and to start embezzling money. Sure, there are rationalized steps in the process to reduce the risk of getting caught, but one presumes that all employees are only really th

        • by alexander_686 (957440) on Sunday April 15, 2012 @06:21PM (#39695913)

          In my experience, as you move up the chain of command, any formalized controls become more stringent – not less. In my case, every level I move up in the company I have to disclose more, with the CEO having to disclose the most.

          On the other hand, I have found misalignment increases. CEO’s don’t (normally) need to commit outright fraud – there is a host of grey areas to exploit.

          The corporate jet is a classic example. It helps the CEO meet with clients, survey the business, saves time, etc. All of time & money will be well disclosed in the annual reports. If the CEO uses it for personal reasons, he has to pay it out of pocket. So everything is above board. Yet, who do a disproportionate number of CEO schedule official trips to Aspin during skiing season and during the summer?

          • by PopeRatzo (965947)

            In my experience, as you move up the chain of command, any formalized controls become more stringent â" not less. In my case, every level I move up in the company I have to disclose more, with the CEO having to disclose the most.

            There's disclosure and then there's disclosure. I'm not sure which company you work for, but the bigger the company, the more likely you are to see a great divide between the regime for the elite that the one for everyone else.

            Look at banking. The ethical behavior expected of

            • I work in a large financial institution. (Not banking, but close enough. And thankfully we tend to be conservative so the crisis did not hit us semi-hard) As for book recommendations, sure! What books would you recommend?

              I would recommend “Reading About the Financial Crisis: A 21-Book Review” at http://www.argentumlux.org/ [argentumlux.org] It’s good. I have read the majority of books on the list and I enjoyed Dr. Lo's review.

              And what do you mean by:

              Look at banking. The ethical behavior expected of a tel

              • by HiThere (15173)

                I believe that you are far too charitable, and from where I sit it looks like there was systematic and intentional fraud from almost the lowest level up through the boards of directors. Often I can't offer a even semi-sound proof that it was fraud, other than "Only a moron wouldn't *know* that would result in deceitful transactions!", but if they knew about it, it was fraud. And I doubt that there are that many real morons in the finance business.

        • by dbIII (701233)
          I've seen it applied in theory to those at the top, and the poor sod that took the report on porn downloads by a manager to another didn't return and somebody else came to clean out his desk for him. IT security can get very "political" and in a less than pristine environment you can lose your job if you do everything by the book.
          I'm lucky that I'm in a place that doesn't even attempt to enforce external restrictions beyond the letter of the law.
      • by tirefire (724526)

        Over the course of 18 months she embezzled over $200,000 from the company via hundreds of transactions. She had been around long enough to know that the individual small amounts would never trigger a review

        How was she eventually caught?

        • This does not reflect well on my company, but it’s was the bank she was depositing the funds in that figured it out. Normally I have a low regard for anti-money laundering techniques that the banks use, but it worked here.

    • Not as cheap as valium though.

    • by c0lo (1497653)

      Wouldn't it just be cheaper to not treat workers like shit?

      Even if so, based on what the company is doing, it may not be enough.

      TFA is based on (and links) another FA in WSJ [wsj.com]. Guess which company is the first to be quoted in regards with the tech? Diebolt, which seemed to be more interested on maintaining its face [wikipedia.org] instead of the quality of their products [wikipedia.org].

    • Wouldn't it just be cheaper to not treat workers like shit?

      Maybe just talking to them would do the trick.

    • by CAIMLAS (41445)

      You'd think so, but not treating employees like shit means:

      * hiring more of them
      * hiring more competent people
      * hiring more managers

      In my experience, there are two distinct ways in which people respond to being treated like shit (at least in IT, because that's what Iv'e got experience in):

      1) They knuckle down and take it, even becoming willfully and blissfully ignorant of what's going on around them. Their work performance and communication don't really change, though they're really not doing all that much

  • Who manages it? (Score:5, Insightful)

    by GeneralTurgidson (2464452) on Sunday April 15, 2012 @04:32PM (#39695325)
    If an HR department can install and manage software that interfaces with a companies email without IT knowing about, that company has bigger security concerns. If IT manages it, IT can circumvent it.
    • Security (Score:5, Informative)

      by nurb432 (527695) on Sunday April 15, 2012 @04:51PM (#39695451) Homepage Journal

      The it security team trumps the it sysadmin team.

      • Re:Security (Score:5, Interesting)

        by JDG1980 (2438906) on Sunday April 15, 2012 @05:02PM (#39695507)

        The it security team trumps the it sysadmin team.

        This assumes a rather large company. Many organizations have one sysadmin who handles security issues as part of their job duties, or just a handful of "IT guys" who more or less handle everything. The library I work for has about 100-150 employees total; the notion of a separate "IT security team" and "IT sysadmin team" is ridiculous for an organization of this size. Our IT department is 6 people total.

        • I think if we are talking about a company that is using this sort of monitoring software it is safe to assume it is a rather large company.

        • Six people in an IT? Hopefully that only includes one admin, one lvl2 helpdesk guy, and the remaining four devs and data entry types. If those six are purely admins and heldesk, something ain't right. Too much bloat and inefficiencies going on.

          • by RulerOf (975607)

            If those six are purely admins and heldesk, something ain't right. Too much bloat and inefficiencies going on.

            Quite the opposite with my last job. Granted, there were four of us, but we all shared those duties to some degree depending on what we were best at handling. And it wasn't because there were too many of us to establish a proper set of tiers; rather, there were too few of us to do so.

            The company did telemarketing. As a result, EVERYONE who was employed there, with the notable exception of the janitors, used a computer. So when including the programmers and CIO/CTO, we had an IT staff of about 9 people

          • by Xugumad (39311)

            Wait, where's your level 1 helpdesk!?

            Seriously though, it depends on what you're doing with your IT infrastructure. If you're doing nice simple predictable things, yes you're going to be happy with a small team. On the other hand I work in CS research and with 4 sysadmins the infrastructure is still the wobbliest thing going because there's so much damn weird/esoteric stuff going on.

            • The larger the organization, the more diversified of a skillset you need. So while a fortune 500 will require teams of lvl1 help desk folk, a small business of 50 employees only needs one admin that also fulfills the help desk role in every way possible. For an organization of 100, the need for a lvl1 help desk isn't needed unless you have complexity issues and no security standards in place. A good sysadmin can make a lvl1 help desk position obsolete in that case. In some cases, a lvl2 help desk jocky can

        • by dbIII (701233)
          It is a large company problem. Smaller companies can't afford to expend such resources or don't have much to secure and larger ones have people looking for various bullshit to fill in time so they can justify headcount. Thus IT security, which tends to work in bursts with their core tasks (IMHO), can fall into the trap of bringing in unneeded features/tasks to fill in the downtime.
    • I don't know about your company, but I doubt if my HR department has ANYONE capable of installing anything, let alone secret sniffing software that's hiding on a server they don't own/control/have access to.

    • by mysidia (191772)

      If an HR department can install and manage software that interfaces with a companies email without IT knowing about, that company has bigger security concerns. If IT manages it, IT can circumvent it.

      Most likely a subset of the IT team responsible for network security manages the software. In other words, there are probably a few senior members of the IT team that are assigned the task of maintaining the software for HR, reporting on it, and showing that it is working.

      If one of the other team members c

    • You're hitting on the larger problem of "who watches the watchmen?" It's a bit of an inherent problem, and not one that's easy to solve.

      I've tried to explain this to people before, that one of the most important things in an IT professional is that you can trust him. He has access to a bunch of stuff, and he might have access into more than you know. You can say, "Well lock them out! Set up security so they can't access it!" But who do you get to set that up? How do you know that they did a good job,

  • by Anonymous Coward on Sunday April 15, 2012 @04:33PM (#39695331)

    What if an IT employee suddenly has relationship problems or family issues?

    There's definitely something suspicious going on when IT employees have relationships, nevermind relationship problems.

  • by PT_1 (2425848) on Sunday April 15, 2012 @04:34PM (#39695333)

    "I understand the need to be aware of the attitudes of workers with high-level access to data and networks, but this strikes me as creepy. What if an IT employee suddenly has relationship problems or family issues?"

    Not commenting on whether monitoring employee emails is right or wrong, but why would somebody use their corporate email account to deal with relationship or family issues? In a world where companies can and often will read their employees' emails, that anyone would use their work email for anything personal seems short-sited. Sign up for one of the free web-based mail accounts.

    • by Anonymous Coward

      The issue Isn't people using work email for personnal reasons, but that personal problems may change the way you talk about work issues.

      Its perfectly possible that a problem at home will change peoples mood while they're at work thus changing the language they use when discussing work and triggering the system.

      • by Shavano (2541114)

        I think this idea must be based on half-baked pseudoscience. Is there really any science that backs up the claim that you can identify whether an employee is a security risk based on a change in how they use language in work-related emails? Really

        Let's say you're a senior manager and somebody pitches software to do this to you. Do you or do you not ask for evidence that it can tell the difference between normal evolution of personal use of language and "security risks?"

        • by HiThere (15173)

          Past examples indicate that top management is much less likely to ask for evidence and proof than the IT staff. I suspect that this also applies to other specialty staff, such as accounting, technical, drafting, etc., but my only real knowledge is based on examples from IT.

    • by Anonymous Coward

      I think you missed the point. Even if you aren't using work email for personal issues if something is affecting your life, it might change your whole attitude. Perhaps you are becoming more and more short with people at work because you're not coping well at home.

      They can now see that and flag you... Even though it may not be a true work issue...

    • by tverbeek (457094)

      Who said anything about personal e-mail? Even the summary explains that they're talking about automated analysis of language patterns, not "reading employees' mail". From TFA:

      "If you start to feel differently about the company you work for and the people you work with, you'd be surprised how your language changes," .... Common red flags include a dramatic change in the length of a person's emails. For example, someone may start writing emails of half a dozen words when their messages used to read like nov

    • by nurb432 (527695)

      People do it all the time. both to outsiders and a LOT of internal non business chatter.

      People are social creatures, its natural to do it.

    • by Shavano (2541114)

      The mere fact that an IT employee sends personal emails from his corporate account indicates that the employee is not sufficiently sensitive to security issues. The employee needs to be brought up to speed on Why That Is A Bad Idea.

  • by jesseck (942036) on Sunday April 15, 2012 @04:36PM (#39695347)
    HR isn't going to install and maintain this, and many of the people this is supposed to watch will be involved. If you hire a 3rd party to install, maintain, and monitor, will you trust them more than your employees with such information? Even then, is IT going to expend infrastructure setup and maintain network services for a black box with no "critical" (since IT doesn't know about it, it can't be classified as critical- HR doesn't make that call) function?
  • by jd (1658) <imipak&yahoo,com> on Sunday April 15, 2012 @04:37PM (#39695353) Homepage Journal

    Nor is this a new complaint. Waaaay back, before many Slashdotters were born, a little-known two-tone group penned the following lines regarding abuses of this kind by governments and corporations alike:

    Why must you record my phone calls?
    Are you planning a bootleg L.P?
    Said you've been threatened by gangsters
    Now it's you that’s threatening me.

    Can't fight corruption with con tricks
    They use the law to commit crime?
    I dread, dread to think what the future will bring
    When we’re living in gangster times.

    Seems to me that nothing has changed in the intervening years. Things haven't gotten worse, the younger generation is merely seeing the problems that the previous generation did.

  • Creepy but... (Score:5, Insightful)

    by PastBlast (2617971) on Sunday April 15, 2012 @04:39PM (#39695363)
    That's why I never send personal email on the company's system. I also don't keep any personal files on the company supplied computer nor do web browsing on it. It's a hassle sometimes, especially when I need to carry around my personal laptop. And, in reverse, I never do "work" on my personal computers. While I don't think my company is spying on me, I go by that assumption because they can start at any time without my knowledge. It's my way of mitigating that risk. In general, I think it's also a good way to keep my personal life separate from work. I learned that years ago during some stress reduction workshops I participated in.
    • by jroysdon (201893)

      While I agree with this 100% (and follow it the same), why is it that upper management never have to follow the same rules? "You want me to bring a work laptop back and forth, and where would I put it?"

  • by dryriver (1010635) on Sunday April 15, 2012 @04:41PM (#39695371)
    IT Guy: Sir, it would be wise to install abc software on our system, for increased security. Boss: We can't do that right now. It doesn't fit the budget. IT Guy: What about installing xyz software then? Its cheaper and could be useful... Boss: Nope. We can't do that either. Maybe next year. Boss simply walks away. Disappointed IT Guy's email language/wording/length changes a bit as a result... HR Person: Sir, our software is reporting that XX from the IT staff is having a mind-change. Boss: Really? XX? Well, we'd better look into that. Maybe I should fire the guy outright. You never know with these mind-changes...
  • by tverbeek (457094) on Sunday April 15, 2012 @04:48PM (#39695433) Homepage

    What if an IT employee suddenly has relationship problems or family issues? Will they then be flagged by HR as potentially troublesome or even a data security risk?

    I got suddenly canned from a sysadmin job when I showed signs of irritability and started requesting half-days off here and there. Except in this case it was because my boyfriend was critically ill, and they knew that. They just didn't give a fuck.

    • Re: (Score:2, Insightful)

      by nurb432 (527695)

      You became a liability. There were others inline for your job that weren't a liability. It wasn't that they didn't care about you personally, its just the reality of business. "Caring" doesn't pay the bills.

      • Only if you are replaceable.

        Lots of people can do the same job as you do. Some do it better. Hopefully you're good enough at it that more than 50% will do it worse.

        And at the same salary (or lower).

        AND has your knowledge of the systems and the "why were they set up that way" tricks and traps so that they don't cause any unexpected down-time trying to "fix" something that is not really broken.

        • by nurb432 (527695)

          Ultimately, there are very very few people that are not replaceable. Unless you own the place or have some required skill that is unique in the world, don't kid yourself into thinking you are indispensable, and always have a backup plan.

          Sure, it might cost a little more, or take some time to get back and running, but it doesn't mean you cant be shown the door anyway.

          • by mysidia (191772)

            Ultimately, there are very very few people that are not replaceable. Unless you own the place or have some required skill that is unique in the world, don't kid yourself into thinking you are indispensable, and always have a backup plan.

            You are indispensable if and only if it would be fiscally irresponsible to replace you. Management has the power attempt to replace any employee, but there are cases that doing so would simply be an act of incompetence.

            For example, you do your job extremely well, you d

      • by Rakishi (759894) on Sunday April 15, 2012 @05:37PM (#39695687)

        And those other people are also a liability because they may not be able to do the job. Even if they can do the job it'd take them 2-3 months to get up to full efficiency at doing their job.

        Furthermore, every other employee, including the replacement, now knows that the company will fire them at the drop of a hat. In other words, they now have a signal that they may want to start sending out resumes before it happens to them. The fired person's social network will now also know that the employer is an asshole and to steer clear if possible.

        So yes, caring does pay the bills if a company cares about anything but the short term balance sheet (not even short term productivity).

        • by Kjella (173770)

          And the other way around too, people that have gone through a bad time and come out on the other side develop a high loyalty and everyone around them knows that if shit happens you're cared for. It's the kind of intangible benefit that tend to keep people in one place, salary is measurable but work environment for the most part isn't. If you've got a good one, people are reluctant to leave. At least a little up in the system high turnover is generally one of the warning lights.

      • by epyT-R (613989)

        well, if we can't expect employers to care, how can we expect employees to care...ie to not use 'short language' in emails and not show signs of 'irritability'.

      • by laughingcoyote (762272) <.moc.eticxe. .ta. .lwohtsehgrab.> on Sunday April 15, 2012 @07:09PM (#39696169) Journal

        Aside from the fact that what you're saying shows a total lack of humanity, it's also wrong.

        If I saw another employee I worked with being treated that way, believe me, I'm looking for a new job the moment I get off work that day. And then all of the training, experience, etc., that they've paid me well to develop, walks right out the door.

        That aside, loyalty is meant to be reciprocal. As long as a company is "paying the bills" adequately, a little decency for those undergoing tough times and have spent years of their lives helping to build the company is not exactly uncalled for. I have worked several places that coworkers were more than happy to pick up some slack for someone in a tough situation, especially since it was well understood they could accept the same in return. That type of environment is far more productive than one where everyone spends half the day looking over their shoulder.

        "It's just business" is not an excuse for unconscionable behavior, and it's been used that way for far too long.

      • by PPH (736903)

        And once your co-workers see you treated this way, they'll think twice about their own loyalty to the company. And when the company needs its people to put in a little extra effort to pull them through a tough spot, screw it, they're nowhere to be found.

        This whole loyalty thing is sort of questionable. You should be paid for your efforts. period. But then that works both ways. When employees don't have any loyalty to the company, they'll jump ship at the first chance. And some of the less ethical ones will

  • by 93 Escort Wagon (326346) on Sunday April 15, 2012 @04:58PM (#39695485)

    In Washington state, anyway, the email of all us state employees is considered to be part of the public record... so in theory this sort of monitoring would be relatively easy to implement. Funny thing is - as a Washington state employee, I feel less vulnerable to this sort of snooping than if I were employed by a private company.

  • I respond differently depending on who it is I'm responding to. There's the usual site wide formal email. Then there's the technical email to the bossman. There are also the jovial type that go to the close co-workers. I think you're just better off using keywords to look for "problems". If they start to use the work "fuck" or "kill", maybe have a closer look.

    • So when I turned off Server RAHRAH125 and sent out the email "Just Killed 125." that would be bad? and speak of sociopathy?

    • by wmbetts (1306001)

      have a little fun with it.

      w00t I just killed that fucking bug time to commit!

      I wonder how many alarms that would ring.

  • by gstrickler (920733) on Sunday April 15, 2012 @05:09PM (#39695543)

    ...do yourself and your admin a favor and get rid of him/her. He/she won't like working for someone who doesn't trust him/her, and you won't like constantly being suspicious.

    I've given that advice to all my clients over the years. You can extend the concept to the rest of your IT and/or security team. That doesn't mean you shouldn't take precautions, have checks and balances in place, etc, but fundamentally, if there isn't a high level of trust, deal with the lack of trust, either by discussing it until there is an understanding and trust, or by ending the relationship.

    Secretive monitoring is not the way to handle a lack of trust. The only exception is when there is already probable cause to believe a crime has been committed, then, in some cases, monitoring to gather proof may or may not be necessary or appropriate.

    • How, exactly, do you implement a "checks and balances" system when the security of the IT system is ultimately a pyramid? There is always a *god* or *root* user, and it's always going to be a technical person that isn't necessarily the business front of the IT team.
      • Multiple "gods", sort of polytheistic IT. If they're good, they'll notice If one of the others isn't doing his/her job, and they'll notice artifacts if one of them is trying to cover his/her tracks.

  • 'That the "enemy within" is the biggest threat to an enterprise is nothing new...'
    dossier's of 'suspect behaviour'
    "It has gotten to the point where we have to monitor everything everybody does, especially those working with sensitive data like the IT staff,"

    WTF? In my years in IT I've never experienced this sort of paranoid 'treat your employees like potential threats' attitude. But then I've never worked in the US. Is treating your people like humans, keeping them invested and paying them fairly just an outdated, naive notion over there?

    • by mbkennel (97636)

      "Is treating your people like humans, keeping them invested and paying them fairly just an outdated, naive notion over there?"

      No, it's considered to be a fellow traveler with Communism.

  • by Karmashock (2415832) on Sunday April 15, 2012 @05:54PM (#39695773)

    I believe this was more of an analysis. They fed thousands of time stamped memos into an algorithlim. The idea was to look for differences in speech pattern or word choice in reference to the conspiracy.

    What they found in Enron at least was that as people behaved increasingly corrupt they became increasingly formal with each other. Casual comments tended to be innocent ones where as memos concerning the corruption tended to unusually professional.

    Personally, I don't care what the company does with my corporate email. Scan away. It's so boring that I understand why they want to have a computer read it instead. And who knows, they might actually uncover a problem.

    Obviously people will be worried about false positives. But I doubt anyone is going to take the computer's opinion as gospel. Likely, the computer will just point to a given collection of emails and suggest management read those specifically. Where upon management can decide if they have a problem or not.

    • by Jiro (131519)

      But I doubt anyone is going to take the computer's opinion as gospel.

      I am less doubtful than you. Anything that can be measured, and that especially includes numbers spat out by a computer algorithm, is something that managers love to use regardless of whether it actually measures anything significant or, if it does, regardless of any caveats the user is supposed to consider before using it.

      • I don't see how this could be used against you.

        What are you thinking? That the boss will call you in and say "Tim, the computer is saying your sentence patterns might indicate deceptive behavior. Do you have something to tell me?"...

        Might a stupid boss make this an issue/ Sure. But then a stupid boss is going to make something an issue no matter what. So what exactly are you losing here. Idiots will be idiots. They don't need help.

    • by Kittenman (971447)

      I believe this was more of an analysis. They fed thousands of time stamped memos into an algorithm. The idea was to look for differences in speech pattern or word choice in reference to the conspiracy.

      Yeah, but they knew that if there was something to find, it would be there. This tends to make people look harder at innocent phrases - example "Gee, I just can't wait for the weekend". For you and me (well, me) I have things to do. For Mr Enron he has things to do. And we all know what they are ...

      Feed the algorithm a hundred different strings of emails, and tell it to pick out something fishy. Betcha it doesn't find anyone who's suspect. Or it finds everyone. Or too many false positives.

      • Sure, the real test would be reversing the system by using the model built from this test to examine other corporate memos in companies that may or may not have corruption. If it can detect it with any degree of accuracy then it's valid. At this point, it's still very young.

        They're adding this to Watson already. One of the more expensive things you can do in law is a corporate discovery procedure. It requires in some cases THOUSANDS of lawyers all sitting in a giant room reading hundreds of thousands of doc

  • by anegg (1390659) on Sunday April 15, 2012 @06:25PM (#39695933)
    Isn't the real problem that yet another non-scientific unproven analytic tool is going to be deployed in an attempt to discern what people are really thinking? There may be lots of reasons why someone's language changes, including events in their personal lives that have no relationship to work as long as they continue to carry out their duties competently. Imagine being called to the bosses office or HR to "explain" why your behavior has changed when you may not have realized the change yourself, and it has nothing to do with work. Failure to provide a satisfactory explanation will result in greater suspicion of your intentions, especially if the system that detected your behavioral "abnormalities" was sold with the understanding that it really could spot bad eggs before they cracked.
  • by SuricouRaven (1897204) on Sunday April 15, 2012 @06:26PM (#39695937)
    "Server three choked on the db backup again, looks like D filled, bodged a script to tidy crap from temp folder on nightly before AV, it'll buy a couple days before the new HDDs arrive. Throw the whole DB there during weekend DT. Also, don't forget it's LP on Sun - make sure to get the steam DLs first this time."
  • he's wearing no clothes? This comes across more "covering my ass" than addressing a real need/vulnerability.
  • We're better at this sort of thing than management. By a lot. We're also a damned site more noble. We don't have much to fear, really. They do. Perhaps we should be using semantic analysis to discover cases of consumer fraud, tax fraud, influence trading, and misappropriation of funds.

  • ...my first job was as a sys-admin for a small office, the boss had me install VNC to all company machines, mainly laptops for the sales folk, office manager etc. He would actually monitor them himself from time to time (while his office was 4m away).

    I protested but my warnings went unheeded, of course for some weird reason VNC "didn't work" on my machine. ;)
    It goes without saying that I got the hell out of there first chance I got and everyone else slowly followed.
  • My boss is a huge f*cking asshole!

    Alert: Subject has altered adjective. Suggest further surveillance.

Whoever dies with the most toys wins.

Working...