A Company Proposal

from a bit of a look around I think it should be known that it might happen, and should only be used when there is suspicion or reason to do so, not just for everyone at all times
 
Of course you have to keep your mouth shut, it's your job. People shouldn't be doing what they are not supposed to anyway. It is however your responsibility as a law abiding citizen to watch what is done with that data.
 
If your against it make sure the program is not added to your Antivirus ignore list ;) if its anything like Sophos it will pick up most keyloggers including ones aimed at business's and alert the user.
 
Computer Misuse Act 1990 said:
Unauthorised access to computer material

(1) A person is guilty of an offence if—

(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;

(b) the access he intends to secure is unauthorised; and

(c) he knows at the time when he causes the computer to perform the function that that is the case.
Click to expand...

Access to an employees computer is normally "authorised" by means of a computer terms of use agreement or similar, if this isn't the case, or a change making this part of the agreement hasn't been made available to the users, then the act of installing a keylogger is illegal under the above part of the computer misuse act
 
But the company has authorised Owen to install the keylogger to the companies computers.
The company own the computer not the indivdual using it so that would throw the computer misuse act out of the window
 
It sounds pretty dodgy either way, I tend to work best if I can have a two minute break here and there as I'm sure a lot of other people do.

Thankfully I'm the one who has to manage the web/email servers and network here (even though I was only bought in as a programmer) so I can do what I please. :D.
 
Ethics said:
Subverting the system is not the answer to his question or the underlying problem though.

And in most eyes it would be an admission of guilt.
Click to expand...

I see your point, and I would never do it for illegal reasons; it's down to the company's standpoint on computer usage during off work hours, but I do believe that I have a right to protect my own personal data.
 
Last edited:
Adsta said:
But the company has authorised Owen to install the keylogger to the companies computers.
The company own the computer not the indivdual using it so that would throw the computer misuse act out of the window
Click to expand...

hmmm, i'm not saying you're wrong, I dont know the letter of the law, but i'd be surprised if there wasn't some requirement for at least an implicit agreement to a laid out policy by nature of using the computers (obviously such an agreement would have to be available to users). I know it is a murky legal area but I can't imagine all the authorisation is placed on the owner of the equipment, imagine if a net cafe owner had keylogging software installed, would that be legal? It's not really a different situation
 
what gets me about this is that someone obviously wants to catch people out, why not tell everyone that they will be monitored from now on, this would surely cacth the majority of the "misuse" of company time and resources before it even happens.

Once everyone has been made aware then the company can easily discipline people if they keep it up.

Sounds to me like the MD (or whoever order it) just wants to snoop and have that feeling of power, sad really, glad i dont work for a turd like that :(
 
Abraham said:
hmmm, i'm not saying you're wrong, I dont know the letter of the law, but i'd be surprised if there wasn't some requirement for at least an implicit agreement to a laid out policy by nature of using the computers (obviously such an agreement would have to be available to users). I know it is a murky legal area but I can't imagine all the authorisation is placed on the owner of the equipment, imagine if a net cafe owner had keylogging software installed, would that be legal? It's not really a different situation
Click to expand...

hehe tbh mate i dont even know if im right :p

With the internet cafe example though your paying them for a private personal use of the internet/email. With a company computer network it is the company that is paying you to use their system for work use.

As you said its all a bit murky area to deal with. It really all depends on what it says in your terms and conditions with regards to usage of the computer system. Some companies i know state that you are 100% NOT allowed to use the PC's for personal use at all. This includes internet. In which case including a keylogging software shouldnt really be a concern.
 
Adsta said:
hehe tbh mate i dont even know if im right :p

With the internet cafe example though your paying them for a private personal use of the internet/email. With a company computer network it is the company that is paying you to use their system for work use.

As you said its all a bit murky area to deal with. It really all depends on what it says in your terms and conditions with regards to usage of the computer system. Some companies i know state that you are 100% NOT allowed to use the PC's for personal use at all. This includes internet. In which case including a keylogging software shouldnt really be a concern.
Click to expand...
I'm not sure whether they're paying you or you're paying them makes a great deal of difference, in both cases you'd have to agree to a usage policy.

Even where no personal use is allowed it's a bad security practice to have everyones passwords etc logged, and there's plenty of sensitive data floats around companies that should probably only be viewable by the relevant people, not whoever is lumbered with monitoring keylogs
 
In my last company we used to produce IT Security policies for SME organisations and I can tell you now that what your company is proposing to do is highly illegal.

In order to comply with Privacy laws and Data Protection Laws they have to publish an IT Security Policy dictating what constitutes "fair use" of the computer systems during working hours and inform people that the computer systems can and will be monitored at any time - including internet access and emails.

Installing keylogging software is a BIG NO NO as you could capture data that you have no right to access - for example if people are allowed to use the internet during working hours to view their bank accounts you could end up capturing their account details - instant breach of data protection laws.

If your company suspects people of abusing the internet then they have to tackle the problem professionally and EQUALLY across the whole company. Otherwise they could be on the wrong end of a discrimination law suit.

Very dodgy ground to be on and if I were in your shoes I would make it perfectly clear in writing to your management that you do not agree with what is being done because you believe it to be illegal.
 
Abraham said:
I'm not sure whether they're paying you or you're paying them makes a great deal of difference, in both cases you'd have to agree to a usage policy.
Click to expand...

Yea true, hence as i said you need to check your terms and conditions :D

Abraham said:
Even where no personal use is allowed it's a bad security practice to have everyones passwords etc logged, and there's plenty of sensitive data floats around companies that should probably only be viewable by the relevant people, not whoever is lumbered with monitoring keylogs
Click to expand...

Again true, but as for the lumbered bit well. My guess would be the company would either hire or internally look for someone to take on this role and responsiblities end of the day someone will have to do it. Its a legitimate job so *shrugs*
As for the password thing i agree with you totally there. Im not too sure how you could get around that
 
You must log in or register to reply here.
Back
Top Bottom