INTRODUCTION

More than 70 percent of the adult online population has accessed the
Internet at work for personal use at least once, according to a September
2000 eMarketer study. Employees are sending personal e-mail, playing
games, viewing pornography, shopping, checking stock price and
gambling online during working hours.
Don't think these cyberslacking activities are going unnoticed. With a
simple software application, your boss can be tapping into your
computer and see what you're doing in real-time. Whether you are guilty
of wasting company time or not, your computer might be under
surveillance. You can be monitored without your knowledge --
employers are not required to notify you that you're being observed.
A Growing Trend: Systematic Surveillance

The growing number of employers who are monitoring their employees'

activities is a result of the low cost of the monitoring technology, a
growing percentage of employees using their computers for personal use
and an increase in employees leaking sensitive company information.
Employers are also watching their workers to avoid sexual harassment
and discrimination lawsuits that stem from inappropriate and offensive
e-mail circulating within a company.

Instead of monitoring those employees who exhibit suspicious behavior,

many employers are instituting "continuous, systematic surveillance" in
the workplace, according to a Privacy Foundation study written by
Andrew Schulman. Reports of companies firing workers for misusing
workplace computers are becoming more common as an increasing
number of employers implement electronic monitoring software.
Computers leave behind a trail of bread crumbs that can provide
employers with all the information they could possibly need about an
employee's computer-related activities. For employers, computers are
the ultimate spy. There's little that can stop an employer from using
these surveillance techniques.
Methods Used to track employee activities:

 Packet sniffers
 Log files
 Desktop monitoring programs
 Phones
 Closed-circuit cameras

Computer-monitoring programs carry such names as Shadow,

SpyAgent, Web Sleuth and Silent Watch. The prices of these programs
range from as little as $30 to thousands of dollars. The number of
employers who believe that they need these programs and the relatively
low cost has resulted in an emerging multi-million dollar industry called
employee Internet management.
Packet Sniffers

Definition: Packet sniffing is the act of capturing packets of data

flowing across a computer network.The software or device used to do
this is called a packet sniffer.

Computer-network administrators have used packet sniffers for years to

monitor their networks and perform diagnostic tests or troubleshoot
problems. Essentially, a packet sniffer is a program that can see all of the
information passing over the network it is connected to. As data streams
back and forth on the network, the program looks at, or "sniffs," each
packet. A packet is a part of a message that has been broken up.
Normally, a computer only looks at packets addressed to it and ignores
the rest of the traffic on the network. But when a packet sniffer is set up
on a computer, the sniffer's network interface is set to promiscuous
mode. This means that it is looking at everything that comes through.
The amount of traffic largely depends on the location of the computer in
the network. A client system out on an isolated branch of the network
sees only a small segment of the network traffic, while the main domain
server sees almost all of it.
A packet sniffer can usually be set up in one of two ways:

 Unfiltered - captures all of the packets

  Filtered - captures only those packets containing specific data
elements
Packets that contain targeted data are copied onto the hard disk as they
pass through. These copies can then be analyzed carefully for specific
information or patterns.
In its simple form a packet sniffer simply captures all of the packets of
data that pass through a given network interface.Typically, the packet
sniffer would only capture packets that were intended for the machine in
question.However , if place into promiscuous mode,the packet sniffer is
also capable of capturing all packet traversing the network regardless of
destination.
A packet sniffer can only capture packet information within a given
subnet.So,its not possible for a malicious attacker to place a packet
sniffer on their home ISP network and capture network traffic from
inside your corporate network. In order to do so, the packet sniffer needs
to be running on a computer that is inside the corporate network as well.

When you connect to the Internet, you are joining a network maintained
by your Internet service provider (ISP). The ISP's network
communicates with networks maintained by other ISPs to form the
foundation of the Internet. A packet sniffer located at one of the servers
of your ISP would potentially be able to monitor all of your online
activities, such as:

 Which Web sites you visit

 What you look at on the site

  Whom you send e-mail to

 What's in the e-mail you send

 What you download from a site

 What streaming events you use, such as audio, video and Internet
telephony

Packet sniffing methods:

Three types of Packet sniffing are used. Methods may work in non-
switched networks or in switched networks.

These methods are:

IP-based sniffing, MAC-based sniffing, and MAC-based sniffing.

IP-based sniffing

I.P -based sniffing works by putting the network card into promiscuous
mode and sniffing all packets matching the IP address filter and is the
original type of packet sniffing. The IP address filtering isn't switched on
so the sniffing program is able to capture all the packets. This method
will only function in non-switched networks.

MAC-based sniffing

MAC-based sniffing works by putting the network card into

promiscuous mode and sniffing all packets that match the MAC address
filter.

ARP-based sniffing

ARP-based sniffing doesn't put the network card into promiscuous mode
because ARP packets are sent to its administrators. This is because the
ARP protocol is stateless. This means that sniffing can be done on a
switched network.

To use ARP-based sniffing you will need to 'poison' the ARP cache of
the two hosts you intend to investigate, identifying yourself as the other
host in the connection. As soon as the ARP caches are poisoned the
hosts connect but instead of sending the traffic directly to the other host
it gets sent to the administrator who then logs the traffic and forwards it
to the real host on the other side of the connection.

From this information, employers can determine how much time a

worker is spending online and if that worker is viewing inappropriate
material. Detecting rogue packet sniffers on your network is not an easy
task.By its very nature the packet sniffer is passive. It simply captures
the packets that are traveling to the network interface it is monitoring.
That means there is generally no signature or erroneous traffic to look
for that would identify a machine running a packet sniffer.
Desktop monitoring programs work differently than packet sniffers.
They can actually monitor every single action you take with your
computer.
Desktop Monitoring

Every time you provide some form of input for your computer, whether
it's typing on the keyboard or opening a new application, a signal is
transmitted. These signals can be intercepted by a desktop monitoring
program, which can be installed on a computer at the operating system
level or the assembly level. The person receiving the intercepted signals
can see each character being typed and can replicate what the user is
seeing on his or her screen.
Desktop monitoring programs can be installed in two ways:

 Physically - Someone sits at the computer and installs the

software.

 Remotely - A computer user opens an e-mail attachment. The

attachment, which contains a program the user wants to install,
may also contain desktop monitoring software. This is described as
a Trojan horse -- a desired program that contains an undesired
program.
Desktop monitoring programs have the ability to record every keystroke.
When you are typing, a signal is sent from the keyboard to the
application you are working in. This signal can be intercepted and either
streamed back to the person who installed the monitoring program or
recorded and sent back in a text file. The person it's sent back to is
usually a system administrator. However, keystroke intercept programs
are also popular among "hackers."
Hackers often use desktop monitoring programs to obtain user
passwords. Intercept programs, because they record keystrokes, also
make users susceptible to having their credit card number and other
sensitive personal data stolen.
Employers can use the desktop monitoring program to read e-mail and
see any program that is open on your screen. Desktop replicating
software captures the image on the computer screen by intercepting
signals that are being transmitted to the computer's video card. These
images are then streamed across the network to the system administrator.
Some prepackaged programs include an alert system -- when a user
visits an objectionable Web site or transmits inappropriate text, the
system administrator is alerted to these actions.
But employers don't need to install software to track your computer use.
There are actually systems built into every computer that make finding
out what you've been doing pretty easy.

Log Files
Your computer is full of log files that provide evidence of what you've
been doing. Through these log files, a system administrator can
determine what Web sites you've accessed, whom you are sending e-
mails to and receiving e-mails from and what applications are being
used. So, if you are downloading MP3 files, there's more than likely a
log file that holds data about that activity.
In many cases, this information can be located even after you've deleted
what you thought was all the evidence -- but deleting an e-mail, or a file,
doesn't erase the trail. Here are a few places where log files can be
found:

 Operating systems

 Web browsers (in the form of a cache)

 Applications (in the form of backups)

 E-mail

the hard drives of an employee's computer and a system administrator's

computer are connected, a system administrator can view the log files
remotely. The administrator has to have access to the drive to check
files remotely. Otherwise, a system administrator can check the
computer before an employee comes in or after the employee leaves for
the day.
You might be surprised at how many companies are monitoring
employee activities. In the next section, you'll find out just how
widespread this practice is.

Workplace Eavesdropping
Computer surveillance is by far the primary method of monitoring
employee activity. However, employers are still using traditional
methods such as eavesdropping on phone calls, storing and reviewing
voice mail and video-recording employees on the job, according to the
American Management Association (AMA).
"The lines between one's personal and professional life can blur with
expectations of a 24-seven work week, but employees ought to engage
in some discretion about personal activities carried out during the
official hours of work," Ellen Bayer, AMA's human resources practice
leader, said.
Currently, 78 percent of all companies use some type of surveillance
system. Here is a breakdown of the methods they use:

 Storing and reviewing computer files: 36 percent

 Video-recording employees: 15 percent

 Recording and reviewing phone calls: 12 percent

 Storing and reviewing voice mail: 8 percent

The ALUC estimates that employers eavesdrop on about 400 million
telephone calls annually. Federal wiretap laws forbid eavesdropping on
conversations unless one of the parties to the conversation consents, but
the Electronic Communication Privacy Act of 1986 allows employers to
listen to "job-related" conversations. The ECPA gives employers almost
total freedom to listen to any phone conversation, since it can be argued
that it takes a few minutes to decide if a call is personal or job-related
In addition to monitoring phone conversations, employers often place
video cameras in the work area to monitor employee activity. Small
cameras are sometimes implanted and directed to view the computer, so
that the employee's computer activity can be monitored that way.
"Privacy in today's workplace is largely illusory," Bayer said. "In this
era of open-space cubicles, shared desk space, networked computers and
teleworkers, it is hard to realistically hold onto a belief of private space.
Work is carried out on equipment belonging to employers who have a
legal right to the work product of the employees using it."
In the next section, we will further explore the legalities of workplace
monitoring and answer the question of just how much privacy you can
expect at work.
Privacy Laws

Simply stated, courts in the United States tend to favor the employer in
workplace-surveillance cases. For that reason, employees should always
use good judgment when logging onto the Internet and sending e-mails.
Choose your words carefully; you never know who might read your
correspondence.

Under the Electronic Communications Privacy Act (ECPA),

electronic communications are divided into two groups:

 Stored communication
 Communication in transit

Under the law, electronic communication in transit has almost the

same level of protection as voice communication, meaning that
intercepting it is prohibited. Accessing stored electronic
communication, such as e-mail sitting on a server waiting to be sent, is
not illegal. The courts have ruled that since the e-mail is not physically
traveling anywhere -- is not "in transit" -- it does not have the same level
of protection.
This directly contradicts many laws regarding traditional mailing
systems. If the U.S. Postal Service worked this way, no one would be
allowed to open your mail as long as it were being carried to your
mailbox; but the second it is placed in the mailbox and stops moving,
your neighbors would be free to come over, open and read your mail.
This, of course, is not how laws regarding the postal system work. It is
illegal to tamper with someone else's mail.

The U.S. Constitution contains no express right to privacy, but the U.S.
Supreme Court has historically upheld an implied right to privacy.
However, this right does not apply to employees. Courts seem to be
upholding the idea that since the company owns the equipment and the
office space, it has a right to monitor its employees to prevent misuse of
that equipment and space.

With more companies installing monitoring devices and technology, you

should be careful the next time you send that e-mail to mom or check
out the latest sale at your favorite online store while at work. Your
employer could be watching, listening and recording.