General Question

GeorgeGee's avatar

It's generally legal for your company to "spy" on your computer use but is it legal for them to use keystroke logging to find out your passwords on non company sites?

Asked by GeorgeGee (4935points) August 19th, 2010

When does a company cross the line in spying on its employees? Has a company ever been prosecuted for this?

Observing members: 0 Composing members: 0

16 Answers

bobloblaw's avatar

Are you using company computers? If so, generally, they can do/install whatever they want.

Mephistopheles's avatar

You have very little privacy when it comes to private employment. If it’s in your contract, then your boss can do it, just as long as it doesn’t clash with your statutory rights (and there is no constitutional right to privacy – at least not in the USA).

You’d be surprised at what employers are allowed to get away with. In Switzerland, they can access all employee medical records. Few countries are as bad as that, but it’s definitely unwise to be naughty on the company PC.

perspicacious's avatar

I haven’t read a case on this specifically. But based on the use of telecommunications equipment and incoming mail, it would seem that the company may assume that anything you do on a company computer is related to the business. The equipment belongs to the company and they can presumably install and use any software they choose to.

This is my personal opinion.

gorillapaws's avatar

@Mephistopheles “there is no constitutional right to privacy – at least not in the USA”

That’s not completely true. While it’s not explicitly stated in the constitution, in Roe V Wade it was mentioned that there is an inferred right to privacy in the constitution (there may be other cases that do a better job of stating how that inferred right works).

I would certainly assume that if you logged into your bank’s website to check your balance or do whatever while on lunch or break, that certainly wouldn’t justify the company from using your password acquired via a key-logger to log in as you and view your banking transaction history or whatever. That seems like it has to be a violation of some kind of anti-hacker legislation against logging in to someone else’s account without their permission.

I’m not a lawyer so please take my opinion with a grain of salt.

MrItty's avatar

What makes you think you have the right to visit any non-company websites via your work computer?

If you need to visit a third party website for your job, then you should be creating a work-only account on that third party website.

Your company owns every single keystroke you type on their keyboard.

BarnacleBill's avatar

It’s not illegal for the company to monitor what they do on their equipment. It is illegal for another employee to use that information for their own gain.

Response moderated (Off-Topic)
john65pennington's avatar

A company computer is just that…....a company computer. they own it lock, stock and barrel. they can install whatever pleases them on their computers. just remember, if you do not want your company to see what you wrote or where you have been, then don’t type it.

In the police world, all computer informaton is recorded. the results are public and can be viewed by anyone at any time. we are very careful and so should you.

marinelife's avatar

I agree with @ Mr. Itty. It would be legal for a company to use a keystroke logger, because you should not be going to third-party Web sites on work time.

MrItty's avatar

@wilhel1812 Uhm, no, I don’t think so.

http://www.privacyinternational.org/survey/phr2003/countries/norway.htm

“The Telecommunications Act of 1995 imposes a duty of confidentiality on telecommunications providers. Under section 9–3 of the Act, telecommunications service providers must safeguard the secrecy of the content of telecommunications.[1981] Police may access this information upon a court order or by administrative order from the National Post and Telecommunications authorities.[1982] Individuals who unlawfully examine the content of an electronic transmission may be punished according to the Norwegian Criminal Code. However, employers may examine the content of e-mails sent and received by employees at their work place, if such e-mail is presumed to be work-related and the employees are warned beforehand of such monitoring.[1983]”

All the employer has to do is inform you when you start working there that you are only to use their network for work-related activities, and then they’re free to monitor your email and other activity, under the presumption that everything you do on their computers is work-related.

MrItty's avatar

@wilhel1812 I’m using a Google Translation of this site, so maybe you can tell me if something’s being lost in translation:

http://www.datatilsynet.no/templates/article____407.aspx#19

“Also all the employees’ activities on the Internet or using the printer is logged automatically.”
“The employer can also use the logs to the overall supervision or general control of the computer system. This control can only take place at group level for all or part of the business. Sometimes the employer be able to see from the logs that employees misusing the computer system, for example by allowing it to download files and programs in violation of internal guidelines and instructions, or that it is generally used for a lot of time on the Internet. There are different technical solutions when the employer can choose not involve the processing of personal data. This could include the introduction of barrier against certain types of downloads or files. These methods should always be preferred.”

downtide's avatar

I think employers can log what they like if you are using company equipment on company time. My employer specifically bans use of any non-company website that you have to log in to use. That means no web-mail, no blogging, no facebook, no forums, no Fluther, no purchasing stuff online, etc. They can and do fire people for breaking that rule.

And it’s not just an arbitrary thing just to be mean and stop us socialising online. Someone was caught emailing out a list of our customers’ credit card numbers.

wilhel1812's avatar

@MrItty Well will have to make a full retreat here. I’m sorry.
That said, I have a strong feeling that this isn’t the same as it is in the US. Logging routers at work is normal at some larger firms, but not something you’ll run into at the average job.Cchecking the local logs on the computers or using keyloggers is not normal at all. Blocking sites like Facebook and such happens at some firms, but normally sites like that isn’t blocked.

When looking at my last work contract I do realize it’s written that they can track my use. However as I said, this is not on the computer itself, but on the network at my job. And i do know that they did never check any logs and if they did i think people would be really upset and start a protest. It’s simply not normal.

Response moderated (Spam)
Response moderated (Spam)
Response moderated (Spam)

Answer this question

Login

or

Join

to answer.

This question is in the General Section. Responses must be helpful and on-topic.

Your answer will be saved while you login or join.

Have a question? Ask Fluther!

What do you know more about?
or
Knowledge Networking @ Fluther