Business Cyber Snooping, Spying, Eavesdropping… When Does Internet-Email Snooping, Spying… Go Too Far…

It’s pretty rare for companies to have a snooping, spying… policy; although these days, it’s getting more common ~ David R. Ellis

Snooping, in a security context, is unauthorized access to another person’s or company’s data. The practice is similar to eavesdropping but is not necessarily limited to gaining access to data during its transmission. Snooping can include; casual observance of an email that appears on another’s computer screen or watching what someone else is keying.

More sophisticated snooping uses software programs to remotely monitor activity on a computer or network device, e.g., malicious hackers or keyloggers that monitor keystrokes, capture passwords and login information, and intercept emails and other private data transmissions and communications. Corporations sometimes snoop on employees, mostly legitimately, to monitor use of business computers and track Internet usage; governments may snoop on individuals to collect information and avert crime and terrorism.

Although snooping has a negative connotation, in general in computer technology, snooping can refer to computer programs that perform a monitoring function. An interesting example of snooping, whether it was intentional or not, was the Google ‘Street View’ cars snooping incident; where, in addition to snapping photos of the houses and roadways, the Google car secretly harvested many– emails, photographs, and other personal data from WiFi networks…

In the U.S. there is a proposed new law, the ‘Cyber Intelligence Sharing and Protection Act of 2011’; this law basically allows the government and private companies to communicate about cyber-security threat information. It allows intelligence communities to share threat details with private companies, and encourages companies to do the same. More to the point, the information shared would be exempted from public disclosure.

Not surprisingly, civil liberties groups are up in arms, and as ‘Andrew Couts’ writes; the big problem with the legislation is trust. It demands that we trust the government and big business not to do the wrong thing. The fact remains that critical portions of the bill, e.g., vague definition of cyber threat and national security, far-reaching exceptions to existing laws, and toothless protections for privacy– all require trust that the federal government and corporations will not violate the people rights. This is a worrying trend we’re seeing around the world.

In Britain, there are similar moves with proposed legislation that allows the government to monitor every email, text message and phone call flowing throughout the country. Under the British law, Internet service providers (ISPs) would be forced to install hardware that would give law enforcement real-time, and on-demand access to every internet user’s IP address, email address books, when and to whom emails are sent and how frequently– as well as, the same type of data for phone calls and text messages… One senior UK coalition source said: There is going to be a big battle between those in favor of security and those in favor of liberty.

In the article In the Cyber Snooping: How Online Spying Permeates the Workplace by Cindy Krischer Goodman writes:  Everything we do online is out there for the world to see… Are you a cyber snooper? Do you think we all need to be? As social media explodes and information comes to us in the palm of our hand, we can’t resist using what we glean from the Web to gain a leg-up in business.

We now have the ability to go online to see who got the job we wanted, whether a co-worker spent the weekend golfing with the boss or what new marketing gimmick our competitor might be offering. ‘People should be aware of what’s happening in their companies and their industries,’ said Vanessa McGovern, independent consultant. ‘It makes good business sense.

Today, more people on social media sites share information about their lives through status updates, location check-ins and résumé changes’. Overall, more than 66% Internet users participate on social network sites, as of February 2012, up from 46%, in 2009. Vigilant monitoring of online activity led one advertising agency owner to discover her largest client was talking to a competitor.

Another small business owner said– she noticed a client whose business she wanted– regularly checked into a particular restaurant, on Foursquare. So, she invited the client out to lunch, at that restaurant, casually mentioning it was her own favorite dining spot. Many companies see social networks as mere distractions for their employees, but there are those who recognize the tremendous opportunity they represent as a research tool.

With employers, bosses and competitors– snooping, spying… on each other, how do workers and employers adapt and keep private what they don’t want public? Is it even possible anymore? Five years ago, this was not possible, but now it’s a huge business competitive advantage. Or, is it just snooping…

In the article Social Snooping for Business Opportunities by Kaleidico writes: Twitter, and ask one simple question: What are you doing? This simple question, and the increasingly intertwined network of social connections have sparked a revolution. Everyone is trying to figure out how to leverage millions of users, hundreds of applications, and an increasingly social ethos on the Web.

But, the challenge is even greater for use in business strategy: It’s not just Twitter– also, Google Profiles, Google Reader, Facebook, Linkedin, FriendFeed, Yelp, Blogs… At the most basic level the social graph (generic term for the social network) is system of nodes connected by relationships and communications. The nodes are people, relationships, and communications that are observable to determine relevance to business objectives– e.g., getting more sales… Let’s take a closer look:

1. Monitoring Social Chatter: Let’s return to the most basic and common social question asked by all of these new social networks: ‘What are you doing?‘ This simple question elicits responses like:

  • “Tasked with first email campaign, I’m nervous”
  • “What is the best place to book travel?”
  • “Need a new pair of running shoes…suggestions?”
  • “My Internet is down again. I’ve had it with Company B!”

All these responses are potential sales or customer service leads. Are you catching them? Are you engaging them?

2. Identifying the Nodes: Monitoring the social chatter is just one part of the equation. The Internet is still shrouded in pseudonyms and aliases. This is where most social networking processes go into a time-consuming search for hunches. Ironically, most of the answers to whom these people are, and how to connect to them are in their social profiles. Chances are they are promoting something and want to be found. You just need to follow the thread to their contact information, i.e., do a little snooping.  Each of these profiles, given relevant conversations, is a potential prospect. Are you getting them identified, and into your sales pipeline?

3. Leveraging Connections: One of the most powerful laws of networks is their tendency to clump into hubs and communities. This ultimately means the more nodes you collect and/or ‘connect with’ the more likely you are to be one step away from a referral– the gold standard of sales leads.  This information is typically a little trickier, but the practice of connecting to friends is adding information to the social graph each day. Harvesting this information and putting it into context can give you multiple channels into a prospective client. The opportunities flow from a multitude of search engines and social networks into your ‘sales funnel’. The result is an endless flow of potential business opportunities in the sales process… all it takes is a little snooping…

According to Nolo.com: If you want privacy, don’t count on emails. Emails may feel like a private, one-to-one conversation safe from prying eyes but emails, on the contrary, are not secure and private: In fact, email messages can be intercepted and read anywhere in their transit, or reconstructed and read off of backup devices, where the emails can be stored for an extended period of time.

If you’re sending emails at work, the boss can legally monitor them, and if the company becomes involved in a lawsuit, the adversary has the legal right to review them. If you send emails from home, anonymous hackers can intercept them, and if you are suspected of a crime, law enforcement officials with a warrant can seize all your electronic mail.

Even Internet service provider (ISP) may legally be able to scrutinize your emails. What all this means is simply: Unless you take affirmative steps to protect your messages, don’t count on emails as confidential method of transmitting information. In many companies, new employees may be asked to sign and acknowledge some form of employer email policy.

The policy will probably inform you that emails are for business purposes, that computer systems at work are property of employer, that emails may be monitored, and that you have no reasonable expectation of privacy in the use of emails. A written statement like this, signed by an employee, creates a contract upon which an employer can rely, if they want to snoop.

Even if there is no signed agreement or written policy, an employer can still peek into emails (or your desk for that matter) — assuming, as is usually the case, that you have no reasonable expectation of privacy as to the contents. In the end, emails’ speed and convenience outweighs its non-private nature for most every day discussions. But think of emails like; postcards, not letters– where messages are open to everyone’s snooping eye, along the way.

Computer enabled snooping, spying... has increased the scope and abilities of companies, governments and private interests that wish to obtain sensitive personal and business information. The ever-increasing number of reports of criminal and unethical incidents on the Internet– compromise of sensitive personal data,  stolen credit- and debit-card data, theft of businesses’ IP,  accessing proprietary business information…– suggest that cyber snooping, spying… is having a serious economic impact on consumers and businesses.

While it’s difficult to estimate size of the problem, the consequences of cyber snooping, spying… is enormous.  These are real threats to all global nations– it’s war for competitive information. We all must face what is described as an evolving array of Internet threats, which include; unethical business practices, corrupt employees, criminal groups, hackers, sinister nations…

According to Justin Basini; ‘Your Internet browser is a fantastic way for people to know your interests; your mobile phone is the best way for people to track your movements; and your social networks gives a complete view of your personal connections.

Initiatives like ‘privacy by design’ encourage businesses, organizations, and governments to view people not as ‘users’ but ‘data owners’, but the reality is that the collection of data about people largely goes on without transparency and without much control.

Regulators both in Europe and the U.S. are battling to establish consumer rights over information, but they are under intense fire from the vested interests of companies who know that their value is intrinsically linked to the data they hold on people.

Therefore, the public must reconcile a key question– Is Internet cyber snooping, spying… a threat to the public’s civil liberties, or is cyber snooping, spying… necessary to keep those liberties safe? Where is the balance?