Hello,
I have a situtation that I am trying to find solution to. My company, like many, is experiencing a tough time with the current economic climate. Unfortunately, we have had to lay some employees off, and this is a contributing factor to many employees resorting to anonymously posting very negative and libelous comments about the company. Senior management is convinced that these postings are coming from employees that are posting using company equipment on company time. We have used our existing web content filtering system to confirm that employees have visited the particular site from company networked PCs. However, I am unable to determine exactly what actions they are taking (what text they are actually posting).
Is anyone aware of any network based tools (not interested in installing client side software on a gazillion workstations) or creative techniques that I might use to determine what exactly is being posted? I do understand that I would only be able to monitor networks/systems under my companies control.
Thanks
neteng33,
although I am not aware of any tools for blog monitoring my good friend Aaron developed and operates a company dedicated solely to the monitoring and caching of social media. The company is called techrigy and they may be able to help you out - they won't have the experience to provide you with anything related to forensics, but they will be able to give you historical and incremental data related to various blogs and social outlets.
A few thoughts
Assuming the company has user policy that includes "no reasonable expectation of privacy" and "subject to monitoring" statements that are acknowledged by the users in writing
Have you hung a sniffer (Wireshark or some such) and captured network traffic for analysis?
Considered keyboard logging on suspect computers?
How about analyzing the cached data and other information on their boxes? I imagine you'll find artifacts–possibly partial or whole copies–that they posted online.
I do understand that I would only be able to monitor networks/systems under my companies control.
There are two parts to this question, one of which has not been mentioned. There are I'm sure quite a few ways to accomplish the technical side of this. There are also privacy considerations to consider with any approach that captures what a user is doing on his/her computer. While your company's technology usage policy may state something to the effect of what csericks mentioned, you should consult with your in-house counsel if they are not part of senior management before doing this.
For example, let's say your monitoring program has identified a person of interest and you have the text traffic to prove it. However, along with that traffic you've also captured the text of e-mail messages to his/her attorney regarding commencing a legal proceeding against your company and perhaps other sensitive personal information. If this sounds like a remote possibility, please see the NJ Appellate Court decision in Stengart v. Loving Care from June 2009 where the Court rejected the employer's claimed right to "rummage through" and retain (in this case) the employee's e-mails to her attorney(http//
Protection of anonymous speech is a thorny issue and the protections vary by state. An alternate and more conservative first step may be for your company to contact the blog or site directly and request that the offending posts be removed.
Thank you for expanding on that, John. You hit the nail on the head.
Foremost in mind, whenever I am about to delve into a case, is considering my legal authority to search associated exhibits. If I think a warrant insufficiently provides for a search, I bring it to the attention of the LE in charge of the case and I do not proceed until I have satisfactory written authorization. In that I can be held personally liable and deprived of my liberty or assets by violating someone's constitutional rights, I have no desire to exceed the scope of my search authority.
Great advice, John!
An older thread, but worth discussing anyway as a recurring situation that the thread doesn't adequately address.
The legalities are far too intricate to address properly here, but a more practical question might be "What, exactly, does management propose to do with or to the employee(s) involved once they're identified?" While it's understandable that these posts are extremely irritating to management, I get the feeling that they might be about to jump from a situation that's merely irritating to to one that could be truly disastrous for the company PR-wise, will be costly, fraught with legal peril, and will quite likely poison the atmosphere of the workplace.
Let me start with these propositions
1. While freedom of speech and freedom from unreasonable intrusion on privacy are not guaranteed by the Constitution where employers are concerned (except certain governmental employers), the fact is that employees EXPECT these rights to extend into the workplace to at least some degree and the courts agree. The only question is to what extent the courts will protect those expectations. It is by no means settled law as to how this expectation extends to electronic communications - especially in the "Social Web" space.
2. While freedom of speech does not extend to libelous speech, libel cases can be messy to prove and will probably be much more disruptive to the organization and more costly than the blog postings themselves.
3. Employees involved have friends in the workplace who will resent such an action and consider it to be heavy-handed. And even those who aren't friends will be made to feel extremely uncomfortable and anxious over such corporate actions. The secondary costs associated with these consequences can be quite substantial, with a negative impact to productivity and quite possibly the loss of valuable employees who won't tolerate unreasonable corporate actions.
4. Management will have to prove damages. Can they? And, arising from that, what kind of a financial recovery can the employer reasonably expect from these employees even if the case is successful?
5. What will NOT be libelous will be the inevitable postings that will be made regarding the company's heavy-handed methods in dealing with employees for behavior that many in society will not, frankly, consider to be that serious. Few blog readers take everything they read at face value anyway, and a disgruntled employee 's post is pretty easy to recognize. "EMPLOYEE SUED/FIRED FOR BLOG POST", on the other hand, always makes great blog fodder. It won't be libelous, it will spread across the blogosphere, and it won't help your company's image one little bit.
6. Truth is an absolute defense to a libel action, and "truth" will be determined by a jury that might just see things the employee's way, or at least give them the benefit of the doubt - especially in a "David and Goliath" case such as this one would be. You can just about gar-on-tee that their sympathies will be with the employee and not with the "big bad corporation".
7. Is the company prepared to defend a wrongful-termination countersuit? Oh, they can be expensive!!
8. Who knows what will come out in court during the trial? Trials are funny that way. You pull the starter cord, the case roars to life and takes off on its own, mowing down everything in sight. It's called "discovery", and it's a two-edged sword.
9. What's preventing a company representative from posting a corrective post to the blog? Not for purposes of engaging in a debate, but simply to put the company's position on the record. If done objectively, without insulting or impugning the original poster (even in a kind fashion), this can completely discredit the original poster in the minds of the blog readers.
Maybe, instead of forensics, your management team needs some sort of cream that will help them develop thicker hides. Surely, in these difficult economic times, they have better things to be doing and bigger issues to worry about - like controlling costs and generating revenue? (Oh yeah, that stuff.) It's a pretty safe bet that fixation on these posts will do neither.
Given the potential pitfalls regarding the investigation into these posts and the probability - not the possibility - of doing great harm to the company's image and the workplace, I wouldn't pursue this matter even one inch unless the company can absolutely prove that it has suffered SUBSTANTIAL damages as a DIRECT consequence of these "libelous" posts. Which, incidentally, would also provide some degree of legal cover for the investigation itself, as most courts will support a company's right to be somewhat more intrusive when investigating situations involving actual losses than they would otherwise.
There are a number of tools that can handle the technology needed to identify the "libelous" posters, particularly if such posts are being made from company-owned systems. The point is, just because we can (do forensics) doesn't always mean that we should.
Symantec Vontu is a decent product I have seen working for something like this.
It is content specific capture and report solution.