8th CACR Information Security Workshop
2nd Annual Privacy and Security Workshop
Chief Researcher, Privacy Foundation
Privacy in the Workplace
A Privacy Foundation study of vendors of employee-monitoring software recently found that about one-third of the online workforce in North America has its web surfing and/or email under continuous surveillance by employers. This talk will consider the technical, legal, and business aspects of this fascinating phenomenon.
Products such as Websense, SurfControl, MIMEsweeper, and the logging capabilities built into most proxy, cache, and email servers, allow the recording, long-term archiving, and inspection of material that in other contexts would be considered ephemeral. What was once a water-cooler conversation, or the casual perusal of a magazine, can now be saved for posterity, possibly to play a prominent role years later as evidence in court.
In addition to discussing how employee monitoring works, why companies and government agencies are adopting it, whether it makes sense for organizations to adopt it, and what privacy implications monitoring has for employees, the talk will also use employee monitoring as a small window into the larger issues of security and privacy raised by the Sept. 11 terrorist attacks in the US.
Andrew Schulman if the chief researcher for the US Privacy Foundation's Workplace Surveillance Project (http://www.privacyfoundation.org/workplace), which is examining the issue of employer monitoring of employee computer, Internet, and email use. Since 1995 he has worked primarily as a software litigation consultant, providing technical details in legal cases involving copyright, reverse engineering, trade secrets, antitrust and, most recently, Internet privacy, providing services such as source-code comparisons (for copyright and patent purposes), inspection of binary code, and assessments of bugs, incompatibilities, error and warning messages. Based in California, Schulman is the author and editor of several computer-programming books (including Undocumented Windows, Undocumented DOS, and Unauthorized Windows 95) on the internal operation and undocumented features of Microsoft operating systems. His web site is