America - a nation of corporate email snoops

Big Brother's Little Brother

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

Forget Big Brother, US conglomerates are paying low-tech snoopers to read workers' emails.

According to research from Forrester Consulting, 44 per cent of large US companies (20,000 workers and above) pay someone to monitor the firm's outgoing mail, with 38 per cent regularly auditing email content. According to the study - reported without question in the mainstream press - companies' motivation was mostly due to fears that employees were leaking confidential memos.

Proof, were it needed, that your own staff are the biggest security risk. If the study is to be believed, the dystopian visions of films such as Brazil and George Orwell's 1984 are an everyday reality of today's corporate America. Yes, that's right: "privacy officers" are scouring your email looking for incriminating snippets among the flirtatious email, jokes exchanged between mates and the small amount of work-related stuff you might send during the course of the day.

Scary stuff. And we're asked to believe they are often doing this with little recourse to technology. Even scarier.

Paranoid Android

Joking aside, the 44 per cent figure on corporate snoops struck us as very high. So we got in touch with Forrester asking it to justify its conclusions. Forrester directed our enquiries towards Proofpoint, the email filtering firm which sponsored the research. Forrester Consulting, the custom research arm of Forrester Research, did the leg work for the survey but it was Proofpoint which wrote up the final report.

So how does Proofpoint explain its findings on email monitoring? It's all to do with complying with external regulations.

A wide variety of external regulations applying to email are driving the monitoring trend, according to Keith Crosley, director of corporate communications at Proofpoint. He cited US regulations such as HIPAA (which regulates the handling of personal health information) and Gramm-Leach-Bliley (which regulates the handling of private personal and financial information) as examples.

"It's because of these concerns that companies employ staff to monitor outbound email. Technology solutions for detecting confidential information or for detecting other breaches of email policy or external regulations have, to date, not been particularly effective or popular so the best recourse that companies have has been to have human beings monitor email," he said.

Proofpoint's angle here is that its anti-spam technology can be used as a way of ensuring that outbound emails comply with government regulations. "We believe that companies will, over time, turn to technology to help enforce their internal policies," said Crosley.

The (email) Conversation

If low-tech snooping is currently so widespread, could Proofpoint name a company which is paying someone specifically to check emails? We'd welcome the chance to have a chat to a modern day Harry Call (the lead charecter played by Gene Hackman in 70s classic The Conversation) but sadly we're out of luck.

"We have come into contact with numerous companies that employ staff (even full time staff) to monitor or audit outbound email, but I don't have a company name that you could use," said Crosley. "Because of this 'anecdotal' information, I can say that the results of the survey didn't really surprise us. But as you might imagine, most companies are not willing to talk openly about the use of these sorts of techniques even though they are completely legal in the US."

"To people not familiar with this issue, however, the number does seem astonishing. But our findings on other points are not out of line with other recent email related research. In a somewhat similar survey conducted by the ePolicy Institute, which found that about 60 per cent of companies use some sort of technology to monitor incoming and outgoing email."

Readers can review Proofpoint's survey here. ®

Related stories

netReplay is watching you
Google's Gmail: spook heaven?
US defends cybercrime treaty
Security fears over UK 'snooper's charter'
Merrill Lynch shackles employee Net access
Privacy in the workplace is a 'myth'

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story


A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.