Feeds

Is this the end of corporate porn?

Internet Saviour - or Big Brother?

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Actis Technology reckons it has the answer to the employee Internet abuse - and that means porn, viruses, password cracking and gambling.

Its Net Intelligence software promises to "treat employees as adults" while protecting corporates from abuse of its networks.

Basically, a program (2Mb) is installed on every employee's PC which gives sys admins complete access to their PC through the network. Meanwhile a database (currently 2Gb) - licensed from Actis - is contained on a server somewhere in the building.

A search is run on employees' machines which searches all disks, runs every file through a well-known algorithm and sends them back as a "fingerprint" (83 bytes long) to a central machine. The fingerprints are then matched with the database of fingerprints of "inappropriate" material. Any match and away you go. The database is updated automatically every day from Actis' Web site.

Net Intelligence, the company claims, will pick up any files (pics and executables) which are not deemed suitable while removing the nannying system of filters and blocks that most companies currently use - hence the "treating employees as adults" catchline.

A nice little feature is one where a sys admin can monitor everything a particular employee is doing / has done. It can even pick up on deleted files, say the company.

The software raises some privacy questions. Actis claims it has no competitors as yet - but that is only on the automatic recognition of files aspect. System tools which enable companies to monitor everything an employee does have been around for ages. They have not proved too popular with employees and there is a question mark over their legal status, in light of
the Human Rights and Data Protection Acts.

Colin Rose, Actis CEO, doesn't see anything ethically wrong with the product. While the software is clearly open to abuse, it is the duty of companies to inform employees of their monitoring policies. Actis recommends that they do this when selling them the software.

But since Actis has an ongoing relationship with its customers(through a constant updating of the database), doesn't it have a duty to insist that companies inform employees of what they plan to do with the software? We bat this question about a bit before Colin not unreasonably points out that trying to tell a company like Coca-Cola what it is to do with its software is akin to "commercial suicide".

And he's right of course. We're back to the question of whether ISPs should be responsible for content or whether authors of script kiddie code are to blame for its use. We can argue about the ethics of it all day but the fact is that while corporates are worried about what the Internet enables employees to do (we'll ignore Actis' scaremongering presentation this time), they will pay someone to give them software that prevents abuse. The law is still far behind and unclear on all of this and prohibition is no solution - despite what the government thinks.

Trust the Judges

To our mind, the proper solution to the issue lies in employment law. If law puts constraints on what an employer is entitled to put into a contract regarding monitoring, and what it can do with assembled data, including the possible sacking of staff, then companies can make software that fits in with the law - instead of the catch-all programmes currently on the market.

Employment specialist David Von Hagen of DJ Freeman, the City law firm, confirms the confusion that exists in this area.

"Well, there are three laws that currently apply to employee rights. The RIP Act gives employees quite extensive rights, but then there is the Human Rights Act - although it can't be brought against private companies. And then there is the Data Protection Act - which shouldn't be underestimated in the power that it gives to employees. But then we are still waiting on the code of practice, due this month, to clarify the situation."

The problem lies in the fact that employees currently do not have to inform employees of their monitoring policies to justify reprimanding or sacking staff - because any "abuse" will be covered under the RIP Act.

Back to Net Intelligence. Is it actually technically feasible? Yes, we reckon it is. As the CTO Bill Strain explained, there is a limited number of cracker, number generator and gambling programmes. Get the "fingerprint" for these programmes and keep them updated and you can be pretty sure of picking up any incidence of it on your company's computers. Porn is tougher. Despite their claims, there is no way Actis can cover the number of porn pictures on the Internet.

However, most employees are not super tech-literate folk or secretive paedophiles - they will go to sex.com or playboy.com to get hold of pics. These pictures are easily fingerprinted. Also, if someone downloads hundreds of pics, there is a good likelihood there one or two will crop up on the database. This at least put a question mark over that employee's behaviour.

With regard to paedophilic pictures, Bill tells us that they are recognised from the fingerprints that the police send them (but only when asked for) - thereby avoiding the illegality of looking at the pictures themselves.

While Actis won't like this, if a common standard is made with regard to fingerprinting programmes and pictures, a worldwide, constantly updated database of programmes could be created and we could get back to the original idea of the Internet as a self-regulating medium. Not as much money and control there though.

The database was two years in the making and can be licensed for around £35 per PC per year (half-price from the second year on). Actis is built on £4 million funding from a consortium led by the Royal Bank of Scotland. ®

Security for virtualized datacentres

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Hey, Scots. Microsoft's Bing thinks you'll vote NO to independence
World's top Google-finding website calls it for the UK
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
OECD lashes out at tax avoiding globocorps' location-flipping antics
You hear that, Amazon, Google, Microsoft et al?
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.