Spyware-For-Business Company Thinks Concerns About 'Medical Bills' Are Indicators Of An 'Insider Threat'
from the terminated-for-googling-'student-loans' dept
It's no secret that many companies monitor their employees' computer use. But things are going much further than simply ensuring the normal "don'ts" -- file sharing, porn viewing, etc. -- are tracked for disciplinary reasons. Companies are now on the lookout for the next "insider threat." Some companies are viewing the Snowden saga as the ultimate cautionary tale, albeit one that results in more surveillance rather than less. (via Dealbreaker)
Guarding against such risks is an expanding niche in the security industry, with at least 20 companies marketing software tools for tracking and analyzing employee behavior. “The bad guys helped us,” says Idan Tendler, the founder and chief executive officer of Fortscale Security in San Francisco. “It started with Snowden, and people said, ‘Wow, if that happened in the NSA, it could happen to us.’”
But the effort to find -- and prevent -- the next "insider threat" from damaging his or her company seems to be just as misguided as the government's efforts to do the same. Looking for potential threats often results in viewing almost everything as an indicator of future treachery.
One company cited "changes in email habits" as being indicative of an "insider threat." Others, like Stroz Friedberg, aren't as selective. The company, started by former FBI agent Edward Stroz, veers into the same dangerous territory the government does when rooting out "threats." In its hands, normal activities are viewed with suspicion by its monitoring software.
The software establishes a base line and then scans for variations that may signal that an employee presents a growing risk to the company. Red flags could include a spike in references to financial stresses such as “late rent” and “medical bills.”
And what better way to tackle "late rent" or "medical bills" than suddenly finding yourself unemployed simply because re-purposed FBI analytic software thinks any small sign of (possibly temporary) financial instability indicates your next move will be to steal something. Millions of people in the US deal with these realities frequently -- especially the latter. And yet, millions of employees still find other ways to tackle these problems instead of dipping their hands in the tills or running off with sensitive documents.
Stroz's software also thinks -- like the government -- that an unhappy employee is a malicious employee.
He offers the scenario of a star trader at a bank who’s disappointed with the size of her annual bonus. Instead of being blindsided when she defects to a rival, a bank using Scout could identify her discontent early and make sure she doesn’t take sensitive data or other team members with her.
Or, the company could try to work with the employee rather than just secretly track her until her eventual exit. Once again, unhappy employees leave companies all the time without taking anything with them. Sure, a few do, but the deployment of software like this will generally produce more false positives (and further strain on work relationships) than insider threats. And there's nothing like firing people for something they haven't done (but might!) to endear a company to its remaining employees.
Despite all of this, Edward Stroz believes his company's predictive employee policing software is just another way for companies to show their employees how much their staff means to them.
He’s still careful when discussing the software, describing it as a way to help employers build a “caring workplace.”
Oh, it's anything but. While employees will often accept monitoring of their internet/computer usage as being a necessary part of the employee-employer relationship, they're not going to be happy to find out that searching for information about medical bills might see them lose a source of income. And they're definitely not going to be thrilled to learn that expressing displeasure about company practices and policies may result in the same thing. If a company wants to foster a "caring workplace," it should be addressing employee discontent, not monitoring it. But what do you expect from companies -- and the entities that provide them with spyware -- that view the Snowden leaks as justifying increased surveillance?
Oh, and employees had better believe their file sharing use will be actively monitored (and used against them). Stroz Friedberg may be making enterprise pre-crime software now, but its past as an RIAA lobbying firm (and its slightly-later past as a Six Strikes "independent expert") has been well-noted.
Filed Under: insider threats, monitoring, spyware
Companies: fortscale security
Reader Comments
"At Stroz, we believe to be human is to be a threat, so we'll ensure all your employees are either 'happy' (to have a job, willfully bending to corporate policy) or fired." - Stroz
*rolls eyes
PS: Walmart, think twice before using this software. It's bad enough you only have two checkouts open at any time. This software will reduce that number to zero.
[ link to this | view in chronology ]
This maybe just maybe helps highlight the amazing disconnect between those on top and those who provide them that living.
Workers are seen as threats no matter what, oh something horrible happened to them... QUICK LOCK THE FILES!!
Once upon a time a business would find out about troubles befalling their workers and extend some reasonable aid, because a happy worker is more productive and committed to the company.
Now everything is viewed from the viewpoint of those "on top" where if you see a weakness, you pounce and destroy. And living with this constant fear of takeovers, SEC investigations, etc where everyone is after them they become paranoid. They spend MILLIONS of dollars, that they got by cutting into the compensation for the workers, propping up the sales pitch of if you do not do this your workers will destroy you... ignoring that these sorts of actions will do very little to catch people committed to your downfall, and increases the sheer number of people who will grow to despise you and will help the one who decides you need to go down.
See also: Every stupid plan the **AA's have ever put forth.
Punish those who pay them, chasing imaginary dollars.
[ link to this | view in chronology ]
What is the False Positive rate?
[ link to this | view in chronology ]
It's a scam!
It's feeding on the combined beliefs that computers can now perform acts of wizardry in the eyes of the non-specialists and that 'predictive' algorithms are actually accurate enough to pinpoint "threats" because lettersoup-organizations keep trying to convince the public that they are...
To me it sounds like someone trying to sell snake oil...
[ link to this | view in chronology ]
Email content scanning doesn't work
If you haven't been working in these areas, let me summarize: the code which attempts to do this requires daily updates in order to have a decent chance of yielding results with acceptable FP (false positive) and FN (false negative) rates. And even with all that constant, meticulous attention to detail, it still fails miserably all day, every day. It really is a horrible mess.
The reason is simple: it's an attempt to "enumerate badness", which is aptly described by Marcus Ranum in The Six Dumbest Ideas in Computer Security as Dumb Idea #2. Stroz's software isn't exempt from this problem -- but given their marketing pitch, which is geared toward naive customers who only care about FN rates and not FP, they'll probably just ignore it.
[ link to this | view in chronology ]
Target: Commentators Of Techdirt
Status: Risk
Recommendation: Revoke Access
There you go Techdirt! No more insider threats! That'll be $100,000.
[ link to this | view in chronology ]
Re: (deeply indebted to the AC)
*re-running risk analysis, with volume set to 11*
Target: Employees, Stringers, Guests, Staff, Consultants, The Barista at StarBucks, etc, Of Techdirt
Status: Risk
Recommendation: Fire them all. Shut the business down. Move to Ittoqqotoormiit, learn to love dried ammasat and raw caribou liver.
No more insider, outsider, or bystander threats.
That'll be $300,000, please.
[ link to this | view in chronology ]
Re:
What did you think those "insider" labels are?
[ link to this | view in chronology ]
How about companies (and Gov agencies etc) stop doing things that need to be whistleblown about?
Is it possible that just this one small change in philosophy could prevent these many whistleblowers who are just waiting for that one scandal they can break?
I know, I must be crazy right... who would consider actually functioning like a civilised human being!
[ link to this | view in chronology ]
Re: Re:... what they are afraid of
Maybe I should get into the discount torch pitchfork tar and feather distribution business? I hear that it will be a seller's market.
[ link to this | view in chronology ]
They need to learn about cause and effect
[ link to this | view in chronology ]
Re: They need to learn about cause and effect
When the employers are the problem, they will never find the cause.
[ link to this | view in chronology ]
Nowadays, with most people having mail at home, or even a smartphone, I have trouble understanding why the question even comes up.
Nothing good can come out of using your employer's machines for mail.
[ link to this | view in chronology ]
The corporations would prefer everyone in leg chains
[ link to this | view in chronology ]
distrust the employer
[ link to this | view in chronology ]
Maxims
To learn to lead, one must learn to follow.
Why does management have, and keep, their collective heads in the sand? While this is not true for all management, it seems true for most management.
[ link to this | view in chronology ]
Spending big dollars on this software (and this type of software is absurdly expensive) is stupid, intrusive, and isn't going to do anything for security. The fact they characterize insider threats as "hard up" for money or have medical bills or are unhappy shows a complete lack of understanding of the vast majority of insider problems. The typical threat is far more mundane - just pure curiosity. People with keys wanting to see what is behind all the doors they can open. IT admins reading management emails and things like that.
[ link to this | view in chronology ]
Ok
Don't companies and corps get a write-off for estimated theft?
With this software I would NOT give them a write-off.
It's standard procedure in all business to anticipate a loss prevention of up to 10% of sales.
Anything below 5% is great.
But with the overpriced goods in the USA, they are anticipating a net loss of 30+% (which means goods are 3 times the price).
[ link to this | view in chronology ]
Or you know...
God forbid we actually have conversations with our fellow coworkers to see how they're feeling about life and work. Establishing a trusting personal relationship will go a lot further toward discouraging malicious behavior than some spying software and the untrusting management of suspicious employees.
[ link to this | view in chronology ]
Perfect!!!
[ link to this | view in chronology ]
Time for sarcasm.
[ link to this | view in chronology ]
TL;DR: Lost me at ...
[ link to this | view in chronology ]