Spyware-For-Business Company Thinks Concerns About 'Medical Bills' Are Indicators Of An 'Insider Threat'

from the terminated-for-googling-'student-loans' dept

It's no secret that many companies monitor their employees' computer use. But things are going much further than simply ensuring the normal "don'ts" -- file sharing, porn viewing, etc. -- are tracked for disciplinary reasons. Companies are now on the lookout for the next "insider threat." Some companies are viewing the Snowden saga as the ultimate cautionary tale, albeit one that results in more surveillance rather than less. (via Dealbreaker)

Guarding against such risks is an expanding niche in the security industry, with at least 20 companies marketing software tools for tracking and analyzing employee behavior. “The bad guys helped us,” says Idan Tendler, the founder and chief executive officer of Fortscale Security in San Francisco. “It started with Snowden, and people said, ‘Wow, if that happened in the NSA, it could happen to us.’ ”

But the effort to find -- and prevent -- the next "insider threat" from damaging his or her company seems to be just as misguided as the government's efforts to do the same. Looking for potential threats often results in viewing almost everything as an indicator of future treachery.

One company cited "changes in email habits" as being indicative of an "insider threat." Others, like Stroz Friedberg, aren't as selective. The company, started by former FBI agent Edward Stroz, veers into the same dangerous territory the government does when rooting out "threats." In its hands, normal activities are viewed with suspicion by its monitoring software.

The software establishes a base line and then scans for variations that may signal that an employee presents a growing risk to the company. Red flags could include a spike in references to financial stresses such as “late rent” and “medical bills.”

And what better way to tackle "late rent" or "medical bills" than suddenly finding yourself unemployed simply because re-purposed FBI analytic software thinks any small sign of (possibly temporary) financial instability indicates your next move will be to steal something. Millions of people in the US deal with these realities frequently -- especially the latter. And yet, millions of employees still find other ways to tackle these problems instead of dipping their hands in the tills or running off with sensitive documents.

Stroz's software also thinks -- like the government -- that an unhappy employee is a malicious employee.

He offers the scenario of a star trader at a bank who’s disappointed with the size of her annual bonus. Instead of being blindsided when she defects to a rival, a bank using Scout could identify her discontent early and make sure she doesn’t take sensitive data or other team members with her.

Or, the company could try to work with the employee rather than just secretly track her until her eventual exit. Once again, unhappy employees leave companies all the time without taking anything with them. Sure, a few do, but the deployment of software like this will generally produce more false positives (and further strain work relationships) than insider threats. And there's nothing like firing people for something they haven't done (but might!) to endear a company to its remaining employees.

Despite all of this, Edward Stroz believes his company's predictive employee policing software is just another way for companies to show their employees how much their staff means to them.

He’s still careful when discussing the software, describing it as a way to help employers build a “caring workplace.”

Oh, it's anything but. While employees will often accept monitoring of their internet/computer usage as being a necessary part of the employee-employer relationship, they're not going to be happy to find out that searching for information about medical bills might see them lose a source of income. And they're definitely not going to be thrilled to learn that expressing displeasure about company practices and policies may result in the same thing. If a company wants to foster a "caring workplace," it should be addressing employee discontent, not monitoring it. But what do you expect from companies -- and the entities that provide them with spyware -- that view the Snowden leaks as justifying increased surveillance?

Oh, and employees had better believe their file sharing use will be actively monitored (and used against them). Stroz Friedberg may be making enterprise pre-crime software now, but its past as an RIAA lobbying firm (and its slightly-later past as a Six Strikes "independent expert") has been well-noted.

Filed Under: insider threats, monitoring, spyware
Companies: fortscale security


Reader Comments


  • Violynne, 30 Mar 2015 @ 3:27am

    The Stroz Analysis Engine is a powerful tool for your business. Recently established in Fortune 500 companies, all but two are now bankrupt as the software positioned 99.9% of employees as threats.

    "At Stroz, we believe to be human is to be a threat, so we'll ensure all your employees are either 'happy' (to have a job, willfully bending to corporate policy) or fired." - Stroz

    *rolls eyes

    PS: Walmart, think twice before using this software. It's bad enough you only have two checkouts open at any time. This software will reduce that number to zero.

    • Paul Renault, 30 Mar 2015 @ 3:58am

      Re:

      I'd like to hope that, if you're not already boycotting Walmart (y'know, for all the scummy moves they've done over the years), you'll stop shopping there (how else would you know about those two cash registers?) if they implement the Stroz software.

  • That Anonymous Coward, 30 Mar 2015 @ 4:23am

    Gee why does this level of disconnect from reality not shock me. See Also: "Independent" Review of CCI

    This maybe just maybe helps highlight the amazing disconnect between those on top and those who provide them that living.

    Workers are seen as threats no matter what, oh something horrible happened to them... QUICK LOCK THE FILES!!
    Once upon a time a business would find out about troubles befalling their workers and extend some reasonable aid, because a happy worker is more productive and committed to the company.

    Now everything is viewed from the viewpoint of those "on top" where if you see a weakness, you pounce and destroy. And living with this constant fear of takeovers, SEC investigations, etc where everyone is after them they become paranoid. They spend MILLIONS of dollars, that they got by cutting into the compensation for the workers, propping up the sales pitch of if you do not do this your workers will destroy you... ignoring that these sorts of actions will do very little to catch people committed to your downfall, and increases the sheer number of people who will grow to despise you and will help the one who decides you need to go down.

    See also: Every stupid plan the **AA's have ever put forth.
    Punish those who pay them, chasing imaginary dollars.

    • Pragmatic, 1 Apr 2015 @ 4:48am

      Re:

      You're talking about people who see revenue as property and paying wages as theft. CEO and top-tier management bonuses, not so much.

  • Rambler330, 30 Mar 2015 @ 4:40am

    What is the False Positive rate?

    I can't see where the accuracy of such a system would be very high. What kind of resources is a company going to deploy to verify that an employee is actually a risk after being flagged? What are they going to do after 6 months when 80% of their employees have been identified as risks?

    • Ninja, 30 Mar 2015 @ 4:50am

      Re: What is the False Positive rate?

      Fire everybody and close the company. Problem solved, no more inside threat!

  • Anonymous Coward, 30 Mar 2015 @ 4:49am

    It's a scam!

    The only company that will make money from this software is the one that sells it.

    It's feeding on the combined beliefs that computers can now perform acts of wizardry in the eyes of the non-specialists and that 'predictive' algorithms are actually accurate enough to pinpoint "threats" because lettersoup-organizations keep trying to convince the public that they are...

    To me it sounds like someone trying to sell snake oil...

  • Rich Kulawiec, 30 Mar 2015 @ 4:54am

    Email content scanning doesn't work

    We've learned that -- painfully -- over 20+ years of trying to detect spam, phishing, and malware.

    If you haven't been working in these areas, let me summarize: the code which attempts to do this requires daily updates in order to have a decent chance of yielding results with acceptable FP (false positive) and FN (false negative) rates. And even with all that constant, meticulous attention to detail, it still fails miserably all day, every day. It really is a horrible mess.

    The reason is simple: it's an attempt to "enumerate badness", which is aptly described by Marcus Ranum in The Six Dumbest Ideas in Computer Security as Dumb Idea #2. Stroz's software isn't exempt from this problem -- but given their marketing pitch, which is geared toward naive customers who only care about FN rates and not FP, they'll probably just ignore it.

  • Anonymous Coward, 30 Mar 2015 @ 4:58am

    *running risk analysis*

    Target: Commentators Of Techdirt

    Status: Risk

    Recommendation: Revoke Access


    There you go Techdirt! No more insider threats! That'll be $100,000.

    • Paul Renault, 30 Mar 2015 @ 5:25am

      Re: (deeply indebted to the AC)

      Actually:
      *re-running risk analysis, with volume set to 11*

      Target: Employees, Stringers, Guests, Staff, Consultants, The Barista at StarBucks, etc, Of Techdirt

      Status: Risk

      Recommendation: Fire them all. Shut the business down. Move to Ittoqqotoormiit, learn to love dried ammasat and raw caribou liver.

      No more insider, outsider, or bystander threats.

      That'll be $300,000, please.

    • ryuugami, 1 Apr 2015 @ 2:10pm

      Re:

      Oh, at Techdirt they already track insider threats.

      What did you think those "insider" labels are?

  • Andy, 30 Mar 2015 @ 5:09am

    Right, I've got an idea, bear with me, I've only just thought of this...

    How about companies (and Gov agencies etc) stop doing things that need to be whistleblown about?

    Is it possible that just this one small change in philosophy could prevent these many whistleblowers who are just waiting for that one scandal they can break?

    I know, I must be crazy right... who would consider actually functioning like a civilised human being!

    • That Anonymous Coward, 30 Mar 2015 @ 5:18am

      Re:

      No one with power, because they got there, most often, by doing the exact same underhanded things they are terrified of others doing.

      • Thrudd, 30 Mar 2015 @ 5:51am

        Re: Re:... what they are afraid of

        Is not underhanded snake strangling scum. Those they can deal with by either promotions or stock options. What scares them are people who have a conscience and will blow the whistle on them. It is the Dudley Dorights that have them terrified.
        Maybe I should get into the discount torch pitchfork tar and feather distribution business? I hear that it will be a seller's market.

  • Anonymous Coward, 30 Mar 2015 @ 5:43am

    They need to learn about cause and effect

    Is it any wonder that companies like this create disgruntled employees? What they should be doing is figure out why their employees get disgruntled and tackle the cause. Instead, they are just creating more disgruntled employees.

    • Anonymous Coward, 30 Mar 2015 @ 5:52am

      Re: They need to learn about cause and effect

      What they should be doing is figure out why their employees get disgruntled and tackle the cause.

      When the employers are the problem, they will never find the cause.

  • TRX, 30 Mar 2015 @ 5:52am

    This isn't the first time the question of personal mail on a work account has come up. I first encountered articles on it in the late 1980s.

    Nowadays, with most people having mail at home, or even a smartphone, I have trouble understanding why the question even comes up.

    Nothing good can come out of using your employer's machines for mail.

  • Reality bites, 30 Mar 2015 @ 6:18am

    The corporations would prefer everyone in leg chains

    Since corporations don't have a brain, it's dangerous to treat them as entities, they make Manson look civilized.

    • Anonymous Coward, 30 Mar 2015 @ 7:12am

      Re: The corporations would prefer everyone in leg chains

      Lucky for them the companies that make military hardware for the US military are given prisoners to work for them as slave labour.

  • afn29129, 30 Mar 2015 @ 6:24am

    distrust the employer

    It goes both ways.

  • Anonymous Anonymous Coward, 30 Mar 2015 @ 7:33am

    Maxims

    Give respect in order to get respect.

    To learn to lead, one must learn to follow.

    Why does management have, and keep, their collective heads in the sand? While this is not true for all management, it seems true for most management.

  • Jack, 30 Mar 2015 @ 8:41am

    While insider threats can actually be a problem for SOME businesses, by far the biggest "insider" threat to a business is due to the fact that employees are lazy as hell and don't adhere to security protocols. They download anything, open every attachment in their email, and do generally stupid things on their work machines. This opens the door and gives a potential hacker a pivot point on the network. That is by far the biggest insider threat.

    Spending big dollars on this software (and this type of software is absurdly expensive) is stupid, intrusive, and isn't going to do anything for security. The fact they characterize insider threats as "hard up" for money or have medical bills or are unhappy shows a complete lack of understanding of the vast majority of insider problems. The typical threat is far more mundane - just pure curiosity. People with keys wanting to see what is behind all the doors they can open. IT admins reading management emails and things like that.

  • Baron von Robber, 30 Mar 2015 @ 8:43am

    "Mr. Anderson..."

  • ECA, 30 Mar 2015 @ 8:51am

    Ok

    More stupid thoughts..

    Don't companies and corps get a write-off for Estimated theft?
    With this software I would NOT give them a write-off.

    It's Standard procedure in all business to anticipate a Loss prevention of up to 10% of sales.
    Anything below 5% is great..
    but with the Over priced goods in the USA, they are anticipating a Net loss of 30+%..(which means goods are 3 times the price)

  • Anonymous Coward, 30 Mar 2015 @ 9:49am

    Sounds like a great lawsuit for discrimination based upon disability. Google medical bills and something disability oriented if you think you're in danger of getting fired for your legal authorized computer usage.

  • Anonymous Coward, 30 Mar 2015 @ 9:53am

    Or you know...

    Sit down and talk to your employees regularly like real people...

    God forbid we actually have conversations with our fellow coworkers to see how they're feeling about life and work. Establishing a trusting personal relationship will go a lot further toward discouraging malicious behavior than some spying software and the untrusting management of suspicious employees.

  • Christenson, 30 Mar 2015 @ 9:57am

    Perfect!!!

    Those who purchase and use this software *ARE* the insider threats!

  • Blackfiredragon13, 30 Mar 2015 @ 1:48pm

    Time for sarcasm.

    Tim you must be joking! Of course those with medical problems are a threat! Why else would TSA give those people trouble and search them in disturbing and invasive ways? Everyone knows that those with medical conditions and horrific injuries leaving them mute are Islamic terrorists just waiting to crash a plane into the new World Trade Center! Just the other day I saw police hassling an old woman with a walker; clearly she has the codes to the president's launch codes.

  • tqk, 30 Mar 2015 @ 4:39pm

    TL;DR: Lost me at ...

    Badguys == Snowden.
