Information Security News mailing list archives
Software would heighten ability to monitor employees
From: InfoSec News <isn () C4I ORG>
Date: Wed, 14 Jun 2000 19:45:29 -0500
http://www.techserver.com/noframes/story/0,2294,500216198-500306527-501702299-0,00.html By JUSTIN POPE, Associated Press BOSTON (June 14, 2000 6:49 p.m. EDT http://www.nandotimes.com) - Beware, corporate snitches loose with company secrets - your boss may have a new tool to track what you do with your computer. Lexington-based defense contractor Raytheon Co. claims its "SilentRunner" software is the vanguard of network monitoring. Rather than rely solely on searches for suspicious keywords, the program uses algorithms to analyze communications patterns. Then it turns its analysis into 3-D pictures. By looking at the pictures, monitors can follow traffic patterns and detect "back doors" or other anomalies that may mean sensitive data is at risk. And it's all undetectable by those being monitored. Raytheon says the $65,000 program is a better way of protecting companies from malicious or careless employees who threaten corporate secrets. Also, the company argues, it's less intrusive because monitors can identify potential problems without having to comb through individual files or e-mails to look for suspicious keywords. Clients already include government agencies and private companies, Raytheon said, though it won't say which ones. On Wednesday, the company's Linthicum, Md.-based Information Assurance Products division unveiled the software in Arlington, Va., hoping to expand the market for the software to a broader range of clients - basically, anyone with a valuable secret to keep. It's an issue that hits close to home for Raytheon, which last year sued 21 people - mostly employees - last year for allegedly divulging trade secrets in Internet chat rooms. Division vice president Jeff Waxman says the project was well under way long before Raytheon's own bad experience. But Raytheon isn't the only company that's suffered. The company cited a study arguing the Fortune 1000 companies lost $45 billion worth of proprietary information last year, with most of the security breaches coming not from hackers but from inside the companies. Still, while conceding improved technology could allow employees to be monitored in a less threatening way, some remain concerned about the overall effect of anything that makes Big Brother more efficient, especially when there is little legal framework concerning workplace computer privacy. "It opens up a host of issues," said David Sobel, general counsel of the Electronic Privacy Information Center in Washington, D.C. "What is the employer going to do with this information? What due process rights would an employee have if a termination was based on info gathered through a system? It's very problematic." Raytheon says there's an important distinction between intruding into workers' private lives and protecting private company information. "SilentRunner is very possibly the least invasive technology of this type," said Waxman. "It was designed with protection of data in mind, not for overseeing employees' habits." Indiana University law professor Sarah Jane Hughes said she is usually wary of threats to privacy, but she said Raytheon's technology sounds like a promising way to balance individual privacy and company needs. Hughes also said a fierce but misplaced idealism about the Internet often leads people to believe they should be allowed to do things in cyberspace - like divulging company secrets - that wouldn't be tolerated elsewhere. "I certainly am as interested as the next person in my personal privacy on the Internet, but I don't think the availability of the Internet gives us license to commit certain kinds of torts or property thefts that we would not be allowed to commit in the atomic world." ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Software would heighten ability to monitor employees InfoSec News (Jun 15)