America - a nation of corporate email snoops

Big Brother's Little Brother

  • alert
  • submit to reddit

Website security in corporate America

Forget Big Brother, US conglomerates are paying low-tech snoopers to read workers' emails.

According to research from Forrester Consulting, 44 per cent of large US companies (20,000 workers and above) pay someone to monitor the firm's outgoing mail, with 38 per cent regularly auditing email content. According to the study - reported without question in the mainstream press - companies' motivation was mostly due to fears that employees were leaking confidential memos.

Proof, were it needed, that your own staff are the biggest security risk. If the study is to be believed, the dystopian visions of films such as Brazil and George Orwell's 1984 are an everyday reality of today's corporate America. Yes, that's right: "privacy officers" are scouring your email looking for incriminating snippets among the flirtatious email, jokes exchanged between mates and the small amount of work-related stuff you might send during the course of the day.

Scary stuff. And we're asked to believe they are often doing this with little recourse to technology. Even scarier.

Paranoid Android

Joking aside, the 44 per cent figure on corporate snoops struck us as very high. So we got in touch with Forrester asking it to justify its conclusions. Forrester directed our enquiries towards Proofpoint, the email filtering firm which sponsored the research. Forrester Consulting, the custom research arm of Forrester Research, did the leg work for the survey but it was Proofpoint which wrote up the final report.

So how does Proofpoint explain its findings on email monitoring? It's all to do with complying with external regulations.

A wide variety of external regulations applying to email are driving the monitoring trend, according to Keith Crosley, director of corporate communications at Proofpoint. He cited US regulations such as HIPAA (which regulates the handling of personal health information) and Gramm-Leach-Bliley (which regulates the handling of private personal and financial information) as examples.

"It's because of these concerns that companies employ staff to monitor outbound email. Technology solutions for detecting confidential information or for detecting other breaches of email policy or external regulations have, to date, not been particularly effective or popular so the best recourse that companies have has been to have human beings monitor email," he said.

Proofpoint's angle here is that its anti-spam technology can be used as a way of ensuring that outbound emails comply with government regulations. "We believe that companies will, over time, turn to technology to help enforce their internal policies," said Crosley.

The (email) Conversation

If low-tech snooping is currently so widespread, could Proofpoint name a company which is paying someone specifically to check emails? We'd welcome the chance to have a chat to a modern day Harry Call (the lead charecter played by Gene Hackman in 70s classic The Conversation) but sadly we're out of luck.

"We have come into contact with numerous companies that employ staff (even full time staff) to monitor or audit outbound email, but I don't have a company name that you could use," said Crosley. "Because of this 'anecdotal' information, I can say that the results of the survey didn't really surprise us. But as you might imagine, most companies are not willing to talk openly about the use of these sorts of techniques even though they are completely legal in the US."

"To people not familiar with this issue, however, the number does seem astonishing. But our findings on other points are not out of line with other recent email related research. In a somewhat similar survey conducted by the ePolicy Institute, which found that about 60 per cent of companies use some sort of technology to monitor incoming and outgoing email."

Readers can review Proofpoint's survey here. ®

Related stories

netReplay is watching you
Google's Gmail: spook heaven?
US defends cybercrime treaty
Security fears over UK 'snooper's charter'
Merrill Lynch shackles employee Net access
Privacy in the workplace is a 'myth'

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
prev story


Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.