Question:
Can your employer install software on your personal laptop and monitor, spy and screen your online behavior?
Chisel Tip
2013-07-19 06:52:30 UTC
I work from home for a company using a private virtual office environment using my own personal laptop. My employer's IT Department installed several applications to establish a cloud environment to access their corporate server via a VPN (virtual private network) using the product, ANX Positive Networks Pro, which operates as a stand-alone gateway to access my laptop, thus allowing other related company software applications to perform my work as an analyst. In addition to the VPN, the employer installed the following elements: (1) Rackspace, an e-mail application to communicate with the home office; (2) Quickbase, a specialized software used to perform my role as an auditor and analyst; (3) An Intranet application owned solely by my employer where business assets are stored for analysis; and (4) Trend Micro Anti-Virus & Security Office Software (its client-server security agent).

Recently, I have noticed -- while offline and outside work hours -- that Micro Trend monitors my online surfing behavior -- in particular Trend generates dialog boxes that pop up on my privately owned laptop informing me that "your company" has determined that this "site" or "URL" poses a security threat to this computer. The Trend dialog box gives me the option to "qualify" the "URL" under consideration thus sending a report to the IT administrator at my employer or to "approve" the "URL" which allows me to proceed to the site without Trend intrusion (storing that URL or site in a separate folder as an approved site). I have access to this folder located with Trend's program.

I have been working for this company-- a notable quality measurement company based in Fort Myers, Florida-- for one month now. All the software applications were installed at that time, but only last night Micro Trend started to issue "warnings" of security risks around website (URLs) that I visit routinely as a private person using my own personal computer. The laptop is NOT owned by my company, yet it appears that Micro Trend is operating quietly on my laptop and generating behavior reports directly to my employer ("administrator") without my authorization or permission, WHILE I'M NOT WORKING AND OFF THE CLOCK.

These Trend Micro "warnings" are recent and may pose a blatant invasion of my personal privacy and personal home computer property. Perhaps I do not understand how the Trend anti-virus suite works in combination with the company's applications and relay station back to the company, which monitors sales calls for the nation's largest and most powerful cable entertainment company.

Thus my Questions:

(1) Should I address my privacy concerns and rights directly with my supervisor and/IT manager who downloaded these many software applications to my personal laptop?

(2) Do I need to use Micro Trend as part of their required virtual office environment or can I easily buy my own top-shelf security suite to substitute Trend Micro, such as Kaspersky, where I can control the security software without reporting back to my employer?

(3) If I uninstall Trend Micro without advising my employer and replace it with my own security software, will this affect the proper and orderly operation of the associated applications needed to perform my job remotely from home? Is Micro Trend necessary for the ANX Positive Network PRO (VPN) to operate properly?

(4) Finally -- and more importantly -- am I at risk for being spied upon or monitored remotely by my employer by allowing them to use private property -- my laptop -- without my authorization and permission? It's not paranoia but valid concerns that "your company" has the capacity to receive Internet behavior reports quietly without my expressed authorization and permission, if not acting as a Trojan Horse of sorts---to say nothing about my employer surreptitiously accessing and lifting my laptop's contents.

We live in an digital age where one's digital rights can easily be absorbed and violated by "interests" operating with the wrong hands and intentions. Given the widespread awareness building around American privacy rights in the digital age and the growth of surveillance as a matter of business (and profit), I hope that a security expert or IT professional can answer my questions so that I protect my laptop & digital rights -- my online behavior, laptop contents, files, images, video and assets -- from unauthorized and possibly criminal intrusion by operators who are acting without cause outside the law.

I may contact in writing several prominent organizations involved in protecting privacy rights in the digital age, if not seek legal advice from professionals working in the field of electronic freedom and surveillance.

Chisel Tip Guy
Nine answers:
anonymous
2013-07-19 07:37:40 UTC
By consenting to installation of software, you have effectively given them the 'keys to the kingdom'.

They may have had you sign a waiver, agreement, or other document that hints at their objective and tactics, but it's been my experience that those Terms of Service or Privacy Policies & Permissions are loaded with nebulous legalese and not perfectly luminous with meaning.

Add to that, they likely included a "gotcha" clause which says they can change software without your informed consent, which further compounds the issues. What was benign yesterday may be replaced with more sinister tools and objectives tomorrow.



I suggest that if you have the money, use that system as a 'work only' dedicated device, and get another system for your personal activity.

And since you're concerned about privacy, I also suggest you install Linux, and be done with the insanity of Windows, plus the unknowable state of spying Microsoft (et al) may be doing**, in addition to the 'normal' background spying and thievery.



Condensing all the myriads of tactics, on-going evolution, counter-measure strategies and exploits, would take volumes...far too much to cover in one answer.

If you're going to use Windows (or any OS for that matter) you must become a security expert, and relentlessly pursue knowledge of emerging threats.



In summation: trust no one.



See these sites for some good Privacy issue articles:

https://www.eff.org/

https://www.grc.com/securitynow.htm

http://www.theregister.co.uk/security/

https://www.computerworld.com/s/topic/84/Privacy



**This dovetails exactly with the notion that Microsoft can 'update' your PC to include 'backdoors' for NSA spying, as revealed by the on-going "Snowden" revelations...yet Microsoft sustains it's concern for customer privacy, with the attendant 'gotcha' statement.

https://www.grc.com/sn/sn-413.htm
Curtis
2016-08-29 01:21:18 UTC
2
chapdelaine
2016-10-15 18:05:33 UTC
Laptop Spy Software
Castlecraft
2013-07-19 07:06:47 UTC
ok to answer your question in order but first a comment, you are using your own hardware to do your job..but you allowed your employer to access and ammend that hardware to access their network. what they can and cant do to that is therefore up to you and your contract with them. What it looks like is that as part of the virtual desktop access via VPN they use a specific security software and it monitors everything.



1) you should indeed raise your concerns with your supervisor in writing, detail what they are and why you think they should not be happening. also indicate why you think these are happening.

2) you will need the software as part of the connection, odds are that the VPN is setup to not work at all without trend

3) it is your machine, you have the right to remove the trend but if you use your own it probably wont connect to work

4) if the software is theirs, the settings are theirs and the log files are theirs so they can probably monitor everything you do!



the better course would be to have two operating systems on the machine, have two copies of windows maybe xp and 7 on the machine use xp for work and 7 for home, you can then do as you please without being monitored.
Veni
2013-07-19 07:31:31 UTC
If the company is indeed spying on you then they have read this y/a question and will address you shortly. If you signed a contract with HR did you keep a copy? Does it tell you about privacy and their right to spy on you? A lot of companies spy on their employees to make sure they are actually working for the hours on the computer so that they are not paying for employees that email friends, tell jokes, gamble or look at porn but usually that software is on their own computers. Find out what your contract with them reads and see if you have an employee handbook that addresses these issues and questions.
anonymous
2013-07-20 03:14:49 UTC
At least eight characters long, and the longer the better. Passwords shorter than 8 characters are easy to crack. Follow these password rules. Avoid common words and proper names. Use both uppercase and lowercase letters, numbers, and symbols. Trouble is, who can remember a password like Fm79$#Xk? Try a passphrase instead:
anonymous
2016-03-12 03:07:27 UTC
Sorry to say, companies do not put anything on individual computers to monitor your activity. All that is done from the server. At my company we archive every email ever sent from every employee for 7 years and we have tools (check out Surf Control as one example) that monitors requests to websites. Companies have every right to monitor its systems as they are owned by the company, not the employee.
smgray99
2013-07-19 07:09:08 UTC
Strongly suggest you tell the company to supply you with a laptop so you can remove all that stuff from your personal laptop. What you do on your off time is your own business, as long as it is not illegal. Forcing an employee to use his own laptop is almost like hiring a bus driver and telling him to supply his own bus. As long as you allow your company access to your laptop everything you do is potentially recorded and saved.
anonymous
2016-09-17 17:09:03 UTC
thanks for the answers EVERYONE <3


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.
Loading...