Thread Tools
Old 01-14-2013, 08:20 AM
Guest
Join Date: Apr 2004
Location: Villa Bennius
Posts: 603
Can my employer monitor my smartphone internet use?

My office has a pretty strict policy regarding using the internet for non-work purposes, and makes no secret that our IT department regularly monitors which websites staff are visiting. So I was wondering whether this applies to any surfing I do on my iPhone. I assume that if I am connecting through my office’s wifi that is the same as surfing through my desktop work station. But what about if I disable wifi and surf through the regular 3G network. They can’t track that can they?
Old 01-14-2013, 08:27 AM
Charter Member
Join Date: May 2001
Location: England
Posts: 56,781
They can't track your 3G usage (I mean, it's probably not absolutely technically impossible, but they won't be doing that).

They can fairly easily track what you're doing on their WiFi though - but are you sure that's what your smartphone is using? You may have WiFi switched on, but unless you've explicitly connected to their network (and entered a passphrase or some such), your phone probably is not using it.
Old 01-14-2013, 08:36 AM
Guest
Join Date: Apr 2007
Posts: 3,457
Quote:
Originally Posted by Mangetout View Post
They can't track your 3G usage (I mean, it's probably not absolutely technically impossible, but they won't be doing that).
What about if the smartphone belongs to Orville mogul's employer? It's hard to imagine there's not some way or another for a curious employer to monitor 3G traffic on their own plans.
Old 01-14-2013, 08:41 AM
Guest
Join Date: Apr 2004
Location: Villa Bennius
Posts: 603
Quote:
Originally Posted by Mangetout View Post
They can fairly easily track what you're doing on their WiFi though - but are you sure that's what your smartphone is using? You may have WiFi switched on, but unless you've explicitly connected to their network (and entered a passphrase or some such), your phone probably is not using it.
Yes, I have set up my phone to use the office wifi, password and all.

Basically, I figured I could use my lunch break to pay my bills etc online and thought I would be all clever and do it with my iphone. But it's not so clever if it is still through the office wifi

But crisis averted. Anyway, it's good to know that 3G should be safe.
Old 01-14-2013, 09:23 AM
Guest
Join Date: May 2003
Location: Florida
Posts: 67,173
Unless the phone is actually issued by your employer, or you are using their network, unauthorized access to your phone would be a felony under the federal Computer Fraud & Abuse Act or your state's equivalent (and under the federal act you would have grounds for a civil suit).

Last edited by Really Not All That Bright; 01-14-2013 at 09:24 AM.
Old 01-14-2013, 10:23 AM
Member
Join Date: Nov 2004
Location: North of 8 Mile
Posts: 3,930
Quote:
Originally Posted by Really Not All That Bright View Post
Unless the phone is actually issued by your employer, or you are using their network, unauthorized access to your phone would be a felony under the federal Computer Fraud & Abuse Act or your state's equivalent (and under the federal act you would have grounds for a civil suit).
In order to access my companies email on my my privately owned smartphone I was required to give my companies IT department administration rights to my cell phone. This meant that they I had to password protect the phone and allow them the ability to wipe out the phones data if the phone got stolen (or if I left the company in a bad way).

I imagine most corporations make similar demands before allowing access to systems, possibly even if it is just casual use of their wi-fi connection. If there is a terms of use statement before you are allowed to log in I'll just bet that there is a clause in there that states you can be monitored, even if it is a blind threat and they don't have the technology or personnel to do so.

Last edited by Si Amigo; 01-14-2013 at 10:24 AM.
Old 01-14-2013, 11:30 AM
Charter Member
Join Date: Feb 2001
Location: San Francisco
Posts: 7,130
Quote:
Originally Posted by Orville mogul View Post
Yes, I have set up my phone to use the office wifi, password and all.

Basically, I figured I could use my lunch break to pay my bills etc online and thought I would be all clever and do it with my iphone. But it's not so clever if it is still through the office wifi

But crisis averted. Anyway, it's good to know that 3G should be safe.
Most sites use SSL encryption (the little padlock icon) for financial transactions. Regardless of whether you use a desktop or a phone, if you see an unbroken padlock in the browser, it means that your employer can't see what you do on those sites. (they may, however, be able to see that you've visited those sites which might be enough to get you in trouble).
Old 01-14-2013, 11:33 AM
Guest
Join Date: May 2003
Location: Florida
Posts: 67,173
Quote:
Originally Posted by Si Amigo View Post
I imagine most corporations make similar demands before allowing access to systems, possibly even if it is just casual use of their wi-fi connection. If there is a terms of use statement before you are allowed to log in I'll just bet that there is a clause in there that states you can be monitored, even if it is a blind threat and they don't have the technology or personnel to do so.
True. I was referring solely to his use of a cellular network while at the employer's premises.
Old 01-14-2013, 11:52 AM
Guest
Join Date: Dec 1999
Location: Texas
Posts: 6,402
Quote:
Originally Posted by Shalmanese View Post
(they may, however, be able to see that you've visited those sites which might be enough to get you in trouble).
I was checking my bank balance! I have a savings account at Back Door Sluts. com!

Last edited by Colibri; 08-21-2014 at 05:30 PM. Reason: broke NSFW link
Old 01-14-2013, 12:45 PM
Guest
Join Date: Jan 2000
Location: Snowy Oregon
Posts: 4,757
Quote:
Originally Posted by Si Amigo View Post
In order to access my companies email on my my privately owned smartphone I was required to give my companies IT department administration rights to my cell phone. This meant that they I had to password protect the phone and allow them the ability to wipe out the phones data if the phone got stolen (or if I left the company in a bad way).
IT guy here, with a similar policy. I can force you to lock your phone, I can remove your access to company email, and I can wipe it remotely if it gets lost. That's the extent of my powers. I cannot read your email (well, ok, I can, but through other means, and only your work email), see your text or photos, or monitor your phone's web browser if you're on 3G and not our wifi.
Old 01-14-2013, 12:53 PM
Guest
Join Date: Aug 2004
Location: Simi Valley, CA
Posts: 3,377
Quote:
Originally Posted by CurtC View Post
I was checking my bank balance! I have a savings account at Back Door Sluts. com!
When you make a deposit, do you lose interest?

Last edited by Colibri; 08-21-2014 at 05:31 PM. Reason: Broke NSFW link
Old 01-14-2013, 01:21 PM
Member
Join Date: Jun 2009
Location: Here
Posts: 11,616
Quote:
Originally Posted by Washoe View Post
When you make a deposit, do you lose interest?
Old 01-14-2013, 01:30 PM
Guest
Join Date: Nov 2012
Posts: 290
Quote:
Originally Posted by Si Amigo View Post
In order to access my companies email on my my privately owned smartphone I was required to give my companies IT department administration rights to my cell phone. This meant that they I had to password protect the phone and allow them the ability to wipe out the phones data if the phone got stolen (or if I left the company in a bad way).

I imagine most corporations make similar demands before allowing access to systems, possibly even if it is just casual use of their wi-fi connection. If there is a terms of use statement before you are allowed to log in I'll just bet that there is a clause in there that states you can be monitored, even if it is a blind threat and they don't have the technology or personnel to do so.
To access corporate email on your phone is vastly different from casual wifi connectivity imho.

Anyway, I've personally never experienced such agreements but I work in advertising, not a field like finance where I would expect such things to be enforced.
Old 01-14-2013, 10:03 PM
Member
Join Date: Aug 1999
Location: Alabama
Posts: 13,974
Your employer could easily (and legally) install a security camera in your office/cubicle and see what you're doing on your phone.
Old 01-14-2013, 10:16 PM
Guest
Join Date: Nov 2012
Location: NE Hilbert space corridor
Posts: 4,217
Quote:
Originally Posted by Si Amigo View Post
In order to access my companies email on my my privately owned smartphone I was required to give my companies IT department administration rights to my cell phone. This meant that they I had to password protect the phone and allow them the ability to wipe out the phones data if the phone got stolen (or if I left the company in a bad way).
Doesn't this require a separate app being installed on the phone?

I rooted my android phone and even I wouldn't be able to take control of it remotely without a hosting app to give me access - at least AFAIK.

So if control of the phone requires such an app, it should be a simple matter to sandbox it so that it has no idea that it is actually isolated and has none of the control that it thinks it has.
Old 01-14-2013, 11:05 PM
Charter Member
Join Date: Feb 2001
Location: San Francisco
Posts: 7,130
Quote:
Originally Posted by deltasigma View Post
Doesn't this require a separate app being installed on the phone?

I rooted my android phone and even I wouldn't be able to take control of it remotely without a hosting app to give me access - at least AFAIK.

So if control of the phone requires such an app, it should be a simple matter to sandbox it so that it has no idea that it is actually isolated and has none of the control that it thinks it has.
This is part of the Exchange ActiveSync protocol built into the OS of the iPhone.
Old 01-15-2013, 12:07 AM
Guest
Join Date: Nov 2012
Location: NE Hilbert space corridor
Posts: 4,217
Ah. Apologies. I glossed over the 'iphone' part in the OP and even if I hadn't, I keep forgetting how different the 2 environments are.
Old 01-15-2013, 12:32 AM
Charter Member
Join Date: Dec 2000
Location: Victoria, Australia
Posts: 7,636
Quote:
Originally Posted by deltasigma View Post
Ah. Apologies. I glossed over the 'iphone' part in the OP and even if I hadn't, I keep forgetting how different the 2 environments are.
Exchange for Android makes you agree to similar conditions if you set it up on your phone.
Old 01-15-2013, 03:48 AM
Guest
Join Date: Jul 2003
Location: Chicago
Posts: 8,268
There's also Google's Device Policy for Android, meant to give admins the same powers over your phone.
Old 01-15-2013, 09:40 AM
Guest
Join Date: May 2003
Location: Florida
Posts: 67,173
Quote:
Originally Posted by scr4 View Post
Your employer could easily (and legally) install a security camera in your office/cubicle and see what you're doing on your phone.
That would depend on what state the OP is in.
Old 01-15-2013, 09:49 AM
Registered User
Join Date: Oct 2012
Posts: 737
Without accessing their network/property, there is no reason or expectation that they could monitor your phone. A phone easily falls within what is called the "reasonable expectation of privacy." Likewise, the courts have upheld that a desk drawer or locker is also private. The employee must give consent to have their stuff searched, and if they waive their right to privacy they may re-asset it at any time.

Now, you might get fired, but they still can't look at your stuff.

If your employer is worried about phones (for example, if confidentiality is an issue) they would be better off ordering employees to check their phones at the door.

Last edited by solosam; 01-15-2013 at 09:49 AM.
Old 01-15-2013, 09:53 AM
Guest
Join Date: May 2003
Location: Florida
Posts: 67,173
The phrase "reasonable expectation of privacy" refers to the Fourth Amendment and the exclusionary rule. It means information gained by the governing by violating that expectation may not be used against you in a criminal proceeding, not that your employer can't snoop around your desk. The OP is presumably worried about getting fired, not prosecuted.
Old 01-16-2013, 05:28 AM
Charter Member
Join Date: Dec 2003
Location: N Texas
Posts: 2,573
Quote:
Originally Posted by scr4 View Post
Your employer could easily (and legally) install a security camera in your office/cubicle and see what you're doing on your phone.
This is the more likely option. A co-worker of mine was known for spending way too much time on his iphone. Since there's a policy against CC cameras, HR actually installed* a fictitious employee in a nearby cube (lots of churn in office placement, new faces are common). "New" guy's job was to track and log the offender's habits. Results were an average of 3+ hours playing on the iphone per day, and the employee was escorted out by security.

They also do random audits of employee's computer/internet/IM use and occasionally compare time charges against gate and entrance camera timestamps. I was the subject of one of these two years ago and unaware of it. It was a random audit, but when finished I (and boss) got a congratulatory note informing me I'd been under surveillance for a week and passed with flying colors.

*Details as explained to us in a group meeting later. We had no idea there was a plant in the office. Still don't know which person it was.
Old 01-16-2013, 06:35 AM
Guest
Join Date: Jul 2003
Location: Chicago
Posts: 8,268
And you keep working there? Sounds creepy as hell.
Old 08-21-2014, 07:21 AM
Guest
Join Date: Jan 2013
Location: Worcestershire UK
Posts: 5,549
After an accident where a fork lift truck driver was distracted by his phone while working, my last employer (a haulage and storage company) banned the use of mobile phones during work times. After a protest, the ban was extended to office staff, except those with company phones. This ban was widely flouted, so they banned them from the site altogether. Anyone caught with one gets a warning, and then, if he does it again, his cards.

Last edited by bob++; 08-21-2014 at 07:21 AM.
Old 08-21-2014, 08:56 AM
Guest
Join Date: Aug 2011
Location: Cebu, Philippines
Posts: 13,305
Quote:
Originally Posted by Reply View Post
And you keep working there? Sounds creepy as hell.
In the pre-IT era (anybody remember that?), I worked at a place where the receptionist was required to grab the morning paper first thing and remove the comics and crossword puzzle pages, so the employees would not spend company time amusing themselves with them.
Old 08-21-2014, 09:13 AM
BANNED
Join Date: Jan 2010
Location: North Carolina
Posts: 3,109
why is it ok to spend company time reading the news but not the comics
Old 08-21-2014, 09:19 AM
Guest
Join Date: Nov 2000
Location: Saint Paul
Posts: 26,220
Quote:
Originally Posted by CurtC View Post
I was checking my bank balance! I have a savings account at Back Door Sluts. com!
Now, there's a link I'm not clicking on at work...

Last edited by Colibri; 08-21-2014 at 05:36 PM. Reason: broke NSFW link
Old 08-21-2014, 09:24 AM
Guest
Join Date: Jan 2013
Location: Worcestershire UK
Posts: 5,549
Back in the pre-internet, pre mobile phone days, my then employer sent round a notice saying that all telephone calls were being monitored to prevent people making expensive personal calls at the company's expense.

It was not actually true - they had looked at such a system but rejected it as too costly; however the belief that they were, had the desired effect.

A few weeks later, it was noticed, from the existing system, that some expensive foreign calls were being made every Friday evening, after work. Most phones were barred from making international calls, and it was no great problem to find a cleaner sitting in the Export Manager's chair, chatting to her mother in Australia.

Last edited by bob++; 08-21-2014 at 09:25 AM.
Old 08-21-2014, 11:49 AM
Charter Member
Join Date: Jul 2000
Location: The Middle of Puget Sound
Posts: 21,092
Quote:
Originally Posted by pullin View Post
This is the more likely option. A co-worker of mine was known for spending way too much time on his iphone. Since there's a policy against CC cameras, HR actually installed* a fictitious employee in a nearby cube (lots of churn in office placement, new faces are common). "New" guy's job was to track and log the offender's habits. Results were an average of 3+ hours playing on the iphone per day, and the employee was escorted out by security.
So it didn't matter whether he was getting his work done or not, what mattered was that he didn't "waste" time at work. If he'd have stared blankly at a spreadsheet not moving for 3 hours that would have been fine, because he wasn't enjoying himself.

If he wasn't getting his work done, it doesn't matter if he was frantically working 10 hours straight. If he was getting his work done, then who cares how much time he spends on his phone?
Old 08-21-2014, 12:26 PM
Guest
Join Date: Nov 2000
Location: Saint Paul
Posts: 26,220
Quote:
Originally Posted by Lemur866 View Post
So it didn't matter whether he was getting his work done or not, what mattered was that he didn't "waste" time at work. If he'd have stared blankly at a spreadsheet not moving for 3 hours that would have been fine, because he wasn't enjoying himself.
Most of my jobs have been thus.

Quote:
If he wasn't getting his work done, it doesn't matter if he was frantically working 10 hours straight. If he was getting his work done, then who cares how much time he spends on his phone?
The manager. The phrases "Obviously we're paying you too much" and "Obviously we're not giving you enough work" come to mind.
Old 08-21-2014, 02:12 PM
Charter Member
Join Date: Jul 2000
Location: The Middle of Puget Sound
Posts: 21,092
"We're paying you too much"/"You don't have enough work" depends on how much it would cost to hire another guy who can do the same amount of work for less money, or do more work for the same amount of money.

If you're paying the guy $50,000 a year, and he completes the same amount of work that his colleagues making $50,000 a year do, it doesn't matter how many hours a week it takes him to do that work. If he does more, despite goofing off, you're getting a bargain. If he does less, even if he's working like a trooper, you're getting ripped off.

Anyway, this is just a longwinded digression. I'm just boggled that they'd assign a guy to watch him for a week to see if he's goofing off or not. If he's goofing off, why doesn't his manager already know? And if he's goofing off, why not just fire him? They don't need a reason.
Old 08-23-2014, 12:02 PM
Guest
Join Date: May 2002
Location: The Netherlands
Posts: 639
Quote:
Originally Posted by Shalmanese View Post
Most sites use SSL encryption (the little padlock icon) for financial transactions. Regardless of whether you use a desktop or a phone, if you see an unbroken padlock in the browser, it means that your employer can't see what you do on those sites.
Actually, for any device which they control (e.g. your work desktop or a company-provided phone), they could add themselves to the list of certificate authorities which your browser trusts. They could then perform a man-in-the-middle attack on any of your "secure" communications.

And yes, some employers actually do this. Also, it's not just nosy employers doing this; for example, Nokia has also been caught intercepting their customers' encrypted traffic, ostensibly for the purpose of doing on-the-fly data compression.

Basically, unless you control the device and know for certain that it doesn't have anything installed on it without your consent, you can't trust anything, no matter how many padlock icons it may show you.
Old 08-23-2014, 12:10 PM
Charter Member
Join Date: Apr 2002
Location: U.S.A.
Posts: 32,876
I was under the impression that there are already laws preventing your employer from snooping in on your regular telephone calls and you have a right to use a "reasonable" amount of your time on personal phone calls, so long as it is not interfering with your job.

But there are no such laws protecting your internet use. That's up to your employer's policy decisions.

That's my understanding. I have no specific knowledge in this area.
Old 12-11-2016, 09:18 AM
Guest
Join Date: Dec 2016
Location: Mass
Posts: 1
If Your wifi at wok Blocks NSFW Material

If Your wifi at work Blocks NSFW Material, and you didn't hack into it Can they still see your attempt on your smartphone? I'm thinking no harm no foul. Can you still be fired? Can they still monitor the attempt? I was on my smart phone a forgot I was still on the company network.

Last edited by Rixter67; 12-11-2016 at 09:19 AM.
Old 12-11-2016, 12:18 PM
Guest
Join Date: May 2000
Location: Brooklyn
Posts: 23,452
Yes, if you are on their network, they can see the attempt and you can be fired. Do you really need to be accessing your spank material when you're on the clock?

Last edited by friedo; 12-11-2016 at 12:18 PM.
Old 12-11-2016, 09:02 PM
Guest
Join Date: Jul 2005
Location: N of Denver & S of Sanity
Posts: 12,262
Quote:
Originally Posted by friedo View Post
Yes, if you are on their network, they can see the attempt and you can be fired. Do you really need to be accessing your spank material when you're on the clock?
maybe it is by error like the infamous whitehouse dot com
Old 12-12-2016, 01:53 AM
Guest
Join Date: Oct 2008
Posts: 1,697
I guess I live in a dreamworld aka Los Angeles, but I can't imagine ever being called to account for "NSFW" browsing with an employer's WiFi. 1. Most places I work aren't big enough for an IT department of their own 2. Everyone knows people spend part of their day messing around on the internet 3. Most of the people I work with are in a bullpen and couldn't get away with anything egregious (fantasy sports websites don't count, but sexy/porn stuff would be easily noticed and quashed without reference to non-existent IT group) 4. The people whose doors close I (or someone in my position) can barge in on at any time. I try to knock, but there's never enough time to pull pants up--if they're clicking away from the nakeds, so be it, but it's more likely to be Facebook or email.
Old 12-12-2016, 03:06 AM
Guest
Join Date: Jul 2002
Location: UK
Posts: 4,894
Quote:
Originally Posted by Walton Firm View Post
Actually, for any device which they control (e.g. your work desktop or a company-provided phone), they could add themselves to the list of certificate authorities which your browser trusts. They could then perform a man-in-the-middle attack on any of your "secure" communications.

And yes, some employers actually do this. Also, it's not just nosy employers doing this; for example, Nokia has also been caught intercepting their customers' encrypted traffic, ostensibly for the purpose of doing on-the-fly data compression.
It's called the "encryption hole", and is a big concern to corporates.
Most malware now uses SSL encryption to communicate to Command and Control servers, and to exfiltrate stolen data out of a firewalled network. If you can't look into the encrypted data-stream, you will never know until it is too late.

So SSL decryption equipment feeding data to logging and detection equipment is going to be big business over the next few years. And it gets worse - you have no actual idea how good the far side of the SSL intercept device is - many use older ciphers and protocols, downgrading the encryption on the exposed internet to your bank or email provider.

If you think Nokia was bad, Symantec (who run a Certificate Authority) now own Bluecoat (who make network proxies and SSL equipment). The combination allows for an SSL intercepting proxy that could have a trusted certificate for a large proportion of the internet without requiring a trusted certificate install on the device.

Service Providers (ISPs, mobile phone networks) also want this technology to intercept, monitor, compress and shape encrypted datastreams for efficiency and profit (you need to decrypt SSL data before you can insert ads or optimise content).
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 12:57 AM.

Copyright © 2017
Best Topics: bob seger firelake tussin dm high liege king curing leather parrotlet names schwepps lemon sour welltrol water tank tso chicken pronunciation midas brakes reviews temporal energy ixtra inches gaf viewmaster teller talks entabulator transmission cold ears hurt christopher langan civ 6 seeds quid versus pound spooning joke snow melting blower mace chain who manufactures ambien scars movies parachute weights cc waterback movies synced wwi leggings alllotto michigan d20 superhero rpg trimps mapology he graduated register republican wax ring sizes what is a well done pizza books like captain underpants national sunday law book mail turn on television show largest open world map how to open a swiss army watch 2001 ford focus oil change cardboard pizza box in oven bp 138/80 bells on bobtail ring how to dispose of rotten meat 100 amp vs 200 amp panama canal zone birth certificate is heighth a real word microfiber panties yeast infections cary to chapel hill is an iq of 96 good how to smoke a swisher is cooking oil flammable transfer money from one credit union to another movie explosion walk away does dandruff shampoo kill lice soda bottle pressure cap 5w 20 vs 5w 30 panera bread balsamic vinaigrette inches of rain to gallons how long spaghetti sauce last in fridge sidetracked home executives pdf how to find a short in a wire what do wizards wear under their robes reese's peanut butter cup commercial 2016 murder she wrote reggae charlene darling there is a time radiator tank repair kit