America - a nation of corporate email snoops

Big Brother's Little Brother

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

Forget Big Brother, US conglomerates are paying low-tech snoopers to read workers' emails.

According to research from Forrester Consulting, 44 per cent of large US companies (20,000 workers and above) pay someone to monitor the firm's outgoing mail, with 38 per cent regularly auditing email content. According to the study - reported without question in the mainstream press - companies' motivation was mostly due to fears that employees were leaking confidential memos.

Proof, were it needed, that your own staff are the biggest security risk. If the study is to be believed, the dystopian visions of films such as Brazil and George Orwell's 1984 are an everyday reality of today's corporate America. Yes, that's right: "privacy officers" are scouring your email looking for incriminating snippets among the flirtatious email, jokes exchanged between mates and the small amount of work-related stuff you might send during the course of the day.

Scary stuff. And we're asked to believe they are often doing this with little recourse to technology. Even scarier.

Paranoid Android

Joking aside, the 44 per cent figure on corporate snoops struck us as very high. So we got in touch with Forrester asking it to justify its conclusions. Forrester directed our enquiries towards Proofpoint, the email filtering firm which sponsored the research. Forrester Consulting, the custom research arm of Forrester Research, did the leg work for the survey but it was Proofpoint which wrote up the final report.

So how does Proofpoint explain its findings on email monitoring? It's all to do with complying with external regulations.

A wide variety of external regulations applying to email are driving the monitoring trend, according to Keith Crosley, director of corporate communications at Proofpoint. He cited US regulations such as HIPAA (which regulates the handling of personal health information) and Gramm-Leach-Bliley (which regulates the handling of private personal and financial information) as examples.

"It's because of these concerns that companies employ staff to monitor outbound email. Technology solutions for detecting confidential information or for detecting other breaches of email policy or external regulations have, to date, not been particularly effective or popular so the best recourse that companies have has been to have human beings monitor email," he said.

Proofpoint's angle here is that its anti-spam technology can be used as a way of ensuring that outbound emails comply with government regulations. "We believe that companies will, over time, turn to technology to help enforce their internal policies," said Crosley.

The (email) Conversation

If low-tech snooping is currently so widespread, could Proofpoint name a company which is paying someone specifically to check emails? We'd welcome the chance to have a chat to a modern day Harry Call (the lead charecter played by Gene Hackman in 70s classic The Conversation) but sadly we're out of luck.

"We have come into contact with numerous companies that employ staff (even full time staff) to monitor or audit outbound email, but I don't have a company name that you could use," said Crosley. "Because of this 'anecdotal' information, I can say that the results of the survey didn't really surprise us. But as you might imagine, most companies are not willing to talk openly about the use of these sorts of techniques even though they are completely legal in the US."

"To people not familiar with this issue, however, the number does seem astonishing. But our findings on other points are not out of line with other recent email related research. In a somewhat similar survey conducted by the ePolicy Institute, which found that about 60 per cent of companies use some sort of technology to monitor incoming and outgoing email."

Readers can review Proofpoint's survey here. ®

Related stories

netReplay is watching you
Google's Gmail: spook heaven?
US defends cybercrime treaty
Security fears over UK 'snooper's charter'
Merrill Lynch shackles employee Net access
Privacy in the workplace is a 'myth'

Designing a Defense for Mobile Applications

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story


Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.