Reply
Thread Tools Display Modes
#1
Old 01-14-2013, 07:20 AM
Guest
Join Date: Apr 2004
Location: Villa Bennius
Posts: 607
Can my employer monitor my smartphone internet use?

My office has a pretty strict policy regarding using the internet for non-work purposes, and makes no secret that our IT department regularly monitors which websites staff are visiting. So I was wondering whether this applies to any surfing I do on my iPhone. I assume that if I am connecting through my office’s wifi that is the same as surfing through my desktop work station. But what about if I disable wifi and surf through the regular 3G network. They can’t track that can they?
#2
Old 01-14-2013, 07:27 AM
Member
Join Date: May 2001
Location: England
Posts: 57,538
They can't track your 3G usage (I mean, it's probably not absolutely technically impossible, but they won't be doing that).

They can fairly easily track what you're doing on their WiFi though - but are you sure that's what your smartphone is using? You may have WiFi switched on, but unless you've explicitly connected to their network (and entered a passphrase or some such), your phone probably is not using it.
#3
Old 01-14-2013, 07:36 AM
Guest
Join Date: Apr 2007
Posts: 3,458
Quote:
Originally Posted by Mangetout View Post
They can't track your 3G usage (I mean, it's probably not absolutely technically impossible, but they won't be doing that).
What about if the smartphone belongs to Orville mogul's employer? It's hard to imagine there's not some way or another for a curious employer to monitor 3G traffic on their own plans.
#4
Old 01-14-2013, 07:41 AM
Guest
Join Date: Apr 2004
Location: Villa Bennius
Posts: 607
Quote:
Originally Posted by Mangetout View Post
They can fairly easily track what you're doing on their WiFi though - but are you sure that's what your smartphone is using? You may have WiFi switched on, but unless you've explicitly connected to their network (and entered a passphrase or some such), your phone probably is not using it.
Yes, I have set up my phone to use the office wifi, password and all.

Basically, I figured I could use my lunch break to pay my bills etc online and thought I would be all clever and do it with my iphone. But it's not so clever if it is still through the office wifi

But crisis averted. Anyway, it's good to know that 3G should be safe.
#5
Old 01-14-2013, 08:23 AM
Guest
Join Date: May 2003
Location: Florida
Posts: 67,630
Unless the phone is actually issued by your employer, or you are using their network, unauthorized access to your phone would be a felony under the federal Computer Fraud & Abuse Act or your state's equivalent (and under the federal act you would have grounds for a civil suit).

Last edited by Really Not All That Bright; 01-14-2013 at 08:24 AM.
#6
Old 01-14-2013, 09:23 AM
Member
Join Date: Nov 2004
Location: North of 8 Mile
Posts: 3,979
Quote:
Originally Posted by Really Not All That Bright View Post
Unless the phone is actually issued by your employer, or you are using their network, unauthorized access to your phone would be a felony under the federal Computer Fraud & Abuse Act or your state's equivalent (and under the federal act you would have grounds for a civil suit).
In order to access my companies email on my my privately owned smartphone I was required to give my companies IT department administration rights to my cell phone. This meant that they I had to password protect the phone and allow them the ability to wipe out the phones data if the phone got stolen (or if I left the company in a bad way).

I imagine most corporations make similar demands before allowing access to systems, possibly even if it is just casual use of their wi-fi connection. If there is a terms of use statement before you are allowed to log in I'll just bet that there is a clause in there that states you can be monitored, even if it is a blind threat and they don't have the technology or personnel to do so.

Last edited by Si Amigo; 01-14-2013 at 09:24 AM.
#7
Old 01-14-2013, 10:30 AM
Charter Member
Join Date: Feb 2001
Location: San Francisco
Posts: 7,190
Quote:
Originally Posted by Orville mogul View Post
Yes, I have set up my phone to use the office wifi, password and all.

Basically, I figured I could use my lunch break to pay my bills etc online and thought I would be all clever and do it with my iphone. But it's not so clever if it is still through the office wifi

But crisis averted. Anyway, it's good to know that 3G should be safe.
Most sites use SSL encryption (the little padlock icon) for financial transactions. Regardless of whether you use a desktop or a phone, if you see an unbroken padlock in the browser, it means that your employer can't see what you do on those sites. (they may, however, be able to see that you've visited those sites which might be enough to get you in trouble).
#8
Old 01-14-2013, 10:33 AM
Guest
Join Date: May 2003
Location: Florida
Posts: 67,630
Quote:
Originally Posted by Si Amigo View Post
I imagine most corporations make similar demands before allowing access to systems, possibly even if it is just casual use of their wi-fi connection. If there is a terms of use statement before you are allowed to log in I'll just bet that there is a clause in there that states you can be monitored, even if it is a blind threat and they don't have the technology or personnel to do so.
True. I was referring solely to his use of a cellular network while at the employer's premises.
#9
Old 01-14-2013, 10:52 AM
Guest
Join Date: Dec 1999
Location: Texas
Posts: 6,658
Quote:
Originally Posted by Shalmanese View Post
(they may, however, be able to see that you've visited those sites which might be enough to get you in trouble).
I was checking my bank balance! I have a savings account at Back Door Sluts. com!

Last edited by Colibri; 08-21-2014 at 04:30 PM. Reason: broke NSFW link
#10
Old 01-14-2013, 11:45 AM
Guest
Join Date: Jan 2000
Location: Snowy Oregon
Posts: 4,758
Quote:
Originally Posted by Si Amigo View Post
In order to access my companies email on my my privately owned smartphone I was required to give my companies IT department administration rights to my cell phone. This meant that they I had to password protect the phone and allow them the ability to wipe out the phones data if the phone got stolen (or if I left the company in a bad way).
IT guy here, with a similar policy. I can force you to lock your phone, I can remove your access to company email, and I can wipe it remotely if it gets lost. That's the extent of my powers. I cannot read your email (well, ok, I can, but through other means, and only your work email), see your text or photos, or monitor your phone's web browser if you're on 3G and not our wifi.
#11
Old 01-14-2013, 11:53 AM
Guest
Join Date: Aug 2004
Location: Simi Valley, CA
Posts: 3,377
Quote:
Originally Posted by CurtC View Post
I was checking my bank balance! I have a savings account at Back Door Sluts. com!
When you make a deposit, do you lose interest?

Last edited by Colibri; 08-21-2014 at 04:31 PM. Reason: Broke NSFW link
#12
Old 01-14-2013, 12:21 PM
Member
Join Date: Jun 2009
Location: Here
Posts: 12,915
Quote:
Originally Posted by Washoe View Post
When you make a deposit, do you lose interest?
#13
Old 01-14-2013, 12:30 PM
Guest
Join Date: Nov 2012
Posts: 290
Quote:
Originally Posted by Si Amigo View Post
In order to access my companies email on my my privately owned smartphone I was required to give my companies IT department administration rights to my cell phone. This meant that they I had to password protect the phone and allow them the ability to wipe out the phones data if the phone got stolen (or if I left the company in a bad way).

I imagine most corporations make similar demands before allowing access to systems, possibly even if it is just casual use of their wi-fi connection. If there is a terms of use statement before you are allowed to log in I'll just bet that there is a clause in there that states you can be monitored, even if it is a blind threat and they don't have the technology or personnel to do so.
To access corporate email on your phone is vastly different from casual wifi connectivity imho.

Anyway, I've personally never experienced such agreements but I work in advertising, not a field like finance where I would expect such things to be enforced.
#14
Old 01-14-2013, 09:03 PM
Member
Join Date: Aug 1999
Location: Alabama
Posts: 14,551
Your employer could easily (and legally) install a security camera in your office/cubicle and see what you're doing on your phone.
#15
Old 01-14-2013, 09:16 PM
Guest
Join Date: Nov 2012
Location: NE Hilbert space corridor
Posts: 4,217
Quote:
Originally Posted by Si Amigo View Post
In order to access my companies email on my my privately owned smartphone I was required to give my companies IT department administration rights to my cell phone. This meant that they I had to password protect the phone and allow them the ability to wipe out the phones data if the phone got stolen (or if I left the company in a bad way).
Doesn't this require a separate app being installed on the phone?

I rooted my android phone and even I wouldn't be able to take control of it remotely without a hosting app to give me access - at least AFAIK.

So if control of the phone requires such an app, it should be a simple matter to sandbox it so that it has no idea that it is actually isolated and has none of the control that it thinks it has.
#16
Old 01-14-2013, 10:05 PM
Charter Member
Join Date: Feb 2001
Location: San Francisco
Posts: 7,190
Quote:
Originally Posted by deltasigma View Post
Doesn't this require a separate app being installed on the phone?

I rooted my android phone and even I wouldn't be able to take control of it remotely without a hosting app to give me access - at least AFAIK.

So if control of the phone requires such an app, it should be a simple matter to sandbox it so that it has no idea that it is actually isolated and has none of the control that it thinks it has.
This is part of the Exchange ActiveSync protocol built into the OS of the iPhone.
#17
Old 01-14-2013, 11:07 PM
Guest
Join Date: Nov 2012
Location: NE Hilbert space corridor
Posts: 4,217
Ah. Apologies. I glossed over the 'iphone' part in the OP and even if I hadn't, I keep forgetting how different the 2 environments are.
#18
Old 01-14-2013, 11:32 PM
Charter Member
Join Date: Dec 2000
Location: Victoria, Australia
Posts: 7,676
Quote:
Originally Posted by deltasigma View Post
Ah. Apologies. I glossed over the 'iphone' part in the OP and even if I hadn't, I keep forgetting how different the 2 environments are.
Exchange for Android makes you agree to similar conditions if you set it up on your phone.
#19
Old 01-15-2013, 02:48 AM
Guest
Join Date: Jul 2003
Location: California
Posts: 8,423
There's also Google's Device Policy for Android, meant to give admins the same powers over your phone.
#20
Old 01-15-2013, 08:40 AM
Guest
Join Date: May 2003
Location: Florida
Posts: 67,630
Quote:
Originally Posted by scr4 View Post
Your employer could easily (and legally) install a security camera in your office/cubicle and see what you're doing on your phone.
That would depend on what state the OP is in.
#21
Old 01-15-2013, 08:49 AM
Registered User
Join Date: Oct 2012
Posts: 737
Without accessing their network/property, there is no reason or expectation that they could monitor your phone. A phone easily falls within what is called the "reasonable expectation of privacy." Likewise, the courts have upheld that a desk drawer or locker is also private. The employee must give consent to have their stuff searched, and if they waive their right to privacy they may re-asset it at any time.

Now, you might get fired, but they still can't look at your stuff.

If your employer is worried about phones (for example, if confidentiality is an issue) they would be better off ordering employees to check their phones at the door.

Last edited by solosam; 01-15-2013 at 08:49 AM.
#22
Old 01-15-2013, 08:53 AM
Guest
Join Date: May 2003
Location: Florida
Posts: 67,630
The phrase "reasonable expectation of privacy" refers to the Fourth Amendment and the exclusionary rule. It means information gained by the governing by violating that expectation may not be used against you in a criminal proceeding, not that your employer can't snoop around your desk. The OP is presumably worried about getting fired, not prosecuted.
#23
Old 01-16-2013, 04:28 AM
Charter Member
Join Date: Dec 2003
Location: N Texas
Posts: 2,721
Quote:
Originally Posted by scr4 View Post
Your employer could easily (and legally) install a security camera in your office/cubicle and see what you're doing on your phone.
This is the more likely option. A co-worker of mine was known for spending way too much time on his iphone. Since there's a policy against CC cameras, HR actually installed* a fictitious employee in a nearby cube (lots of churn in office placement, new faces are common). "New" guy's job was to track and log the offender's habits. Results were an average of 3+ hours playing on the iphone per day, and the employee was escorted out by security.

They also do random audits of employee's computer/internet/IM use and occasionally compare time charges against gate and entrance camera timestamps. I was the subject of one of these two years ago and unaware of it. It was a random audit, but when finished I (and boss) got a congratulatory note informing me I'd been under surveillance for a week and passed with flying colors.

*Details as explained to us in a group meeting later. We had no idea there was a plant in the office. Still don't know which person it was.
#24
Old 01-16-2013, 05:35 AM
Guest
Join Date: Jul 2003
Location: California
Posts: 8,423
And you keep working there? Sounds creepy as hell.
#25
Old 08-21-2014, 06:21 AM
Guest
Join Date: Jan 2013
Location: Worcestershire UK
Posts: 5,966
After an accident where a fork lift truck driver was distracted by his phone while working, my last employer (a haulage and storage company) banned the use of mobile phones during work times. After a protest, the ban was extended to office staff, except those with company phones. This ban was widely flouted, so they banned them from the site altogether. Anyone caught with one gets a warning, and then, if he does it again, his cards.

Last edited by bob++; 08-21-2014 at 06:21 AM.
#26
Old 08-21-2014, 07:56 AM
Guest
Join Date: Aug 2011
Location: Cebu, Philippines
Posts: 14,329
Quote:
Originally Posted by Reply View Post
And you keep working there? Sounds creepy as hell.
In the pre-IT era (anybody remember that?), I worked at a place where the receptionist was required to grab the morning paper first thing and remove the comics and crossword puzzle pages, so the employees would not spend company time amusing themselves with them.
#27
Old 08-21-2014, 08:13 AM
BANNED
Join Date: Jan 2010
Location: North Carolina
Posts: 3,109
why is it ok to spend company time reading the news but not the comics
#28
Old 08-21-2014, 08:19 AM
Guest
Join Date: Nov 2000
Location: Saint Paul
Posts: 26,476
Quote:
Originally Posted by CurtC View Post
I was checking my bank balance! I have a savings account at Back Door Sluts. com!
Now, there's a link I'm not clicking on at work...

Last edited by Colibri; 08-21-2014 at 04:36 PM. Reason: broke NSFW link
#29
Old 08-21-2014, 08:24 AM
Guest
Join Date: Jan 2013
Location: Worcestershire UK
Posts: 5,966
Back in the pre-internet, pre mobile phone days, my then employer sent round a notice saying that all telephone calls were being monitored to prevent people making expensive personal calls at the company's expense.

It was not actually true - they had looked at such a system but rejected it as too costly; however the belief that they were, had the desired effect.

A few weeks later, it was noticed, from the existing system, that some expensive foreign calls were being made every Friday evening, after work. Most phones were barred from making international calls, and it was no great problem to find a cleaner sitting in the Export Manager's chair, chatting to her mother in Australia.

Last edited by bob++; 08-21-2014 at 08:25 AM.
#30
Old 08-21-2014, 10:49 AM
Charter Member
Join Date: Jul 2000
Location: The Middle of Puget Sound
Posts: 21,827
Quote:
Originally Posted by pullin View Post
This is the more likely option. A co-worker of mine was known for spending way too much time on his iphone. Since there's a policy against CC cameras, HR actually installed* a fictitious employee in a nearby cube (lots of churn in office placement, new faces are common). "New" guy's job was to track and log the offender's habits. Results were an average of 3+ hours playing on the iphone per day, and the employee was escorted out by security.
So it didn't matter whether he was getting his work done or not, what mattered was that he didn't "waste" time at work. If he'd have stared blankly at a spreadsheet not moving for 3 hours that would have been fine, because he wasn't enjoying himself.

If he wasn't getting his work done, it doesn't matter if he was frantically working 10 hours straight. If he was getting his work done, then who cares how much time he spends on his phone?
#31
Old 08-21-2014, 11:26 AM
Guest
Join Date: Nov 2000
Location: Saint Paul
Posts: 26,476
Quote:
Originally Posted by Lemur866 View Post
So it didn't matter whether he was getting his work done or not, what mattered was that he didn't "waste" time at work. If he'd have stared blankly at a spreadsheet not moving for 3 hours that would have been fine, because he wasn't enjoying himself.
Most of my jobs have been thus.

Quote:
If he wasn't getting his work done, it doesn't matter if he was frantically working 10 hours straight. If he was getting his work done, then who cares how much time he spends on his phone?
The manager. The phrases "Obviously we're paying you too much" and "Obviously we're not giving you enough work" come to mind.
#32
Old 08-21-2014, 01:12 PM
Charter Member
Join Date: Jul 2000
Location: The Middle of Puget Sound
Posts: 21,827
"We're paying you too much"/"You don't have enough work" depends on how much it would cost to hire another guy who can do the same amount of work for less money, or do more work for the same amount of money.

If you're paying the guy $50,000 a year, and he completes the same amount of work that his colleagues making $50,000 a year do, it doesn't matter how many hours a week it takes him to do that work. If he does more, despite goofing off, you're getting a bargain. If he does less, even if he's working like a trooper, you're getting ripped off.

Anyway, this is just a longwinded digression. I'm just boggled that they'd assign a guy to watch him for a week to see if he's goofing off or not. If he's goofing off, why doesn't his manager already know? And if he's goofing off, why not just fire him? They don't need a reason.
#33
Old 08-23-2014, 11:02 AM
Guest
Join Date: May 2002
Location: The Netherlands
Posts: 639
Quote:
Originally Posted by Shalmanese View Post
Most sites use SSL encryption (the little padlock icon) for financial transactions. Regardless of whether you use a desktop or a phone, if you see an unbroken padlock in the browser, it means that your employer can't see what you do on those sites.
Actually, for any device which they control (e.g. your work desktop or a company-provided phone), they could add themselves to the list of certificate authorities which your browser trusts. They could then perform a man-in-the-middle attack on any of your "secure" communications.

And yes, some employers actually do this. Also, it's not just nosy employers doing this; for example, Nokia has also been caught intercepting their customers' encrypted traffic, ostensibly for the purpose of doing on-the-fly data compression.

Basically, unless you control the device and know for certain that it doesn't have anything installed on it without your consent, you can't trust anything, no matter how many padlock icons it may show you.
#34
Old 08-23-2014, 11:10 AM
Charter Member
Join Date: Apr 2002
Location: U.S.A.
Posts: 33,416
I was under the impression that there are already laws preventing your employer from snooping in on your regular telephone calls and you have a right to use a "reasonable" amount of your time on personal phone calls, so long as it is not interfering with your job.

But there are no such laws protecting your internet use. That's up to your employer's policy decisions.

That's my understanding. I have no specific knowledge in this area.
#35
Old 12-11-2016, 08:18 AM
Guest
Join Date: Dec 2016
Location: Mass
Posts: 1
If Your wifi at wok Blocks NSFW Material

If Your wifi at work Blocks NSFW Material, and you didn't hack into it Can they still see your attempt on your smartphone? I'm thinking no harm no foul. Can you still be fired? Can they still monitor the attempt? I was on my smart phone a forgot I was still on the company network.

Last edited by Rixter67; 12-11-2016 at 08:19 AM.
#36
Old 12-11-2016, 11:18 AM
Guest
Join Date: May 2000
Location: Brooklyn
Posts: 23,878
Yes, if you are on their network, they can see the attempt and you can be fired. Do you really need to be accessing your spank material when you're on the clock?

Last edited by friedo; 12-11-2016 at 11:18 AM.
#37
Old 12-11-2016, 08:02 PM
Guest
Join Date: Jul 2005
Location: N of Denver & S of Sanity
Posts: 12,586
Quote:
Originally Posted by friedo View Post
Yes, if you are on their network, they can see the attempt and you can be fired. Do you really need to be accessing your spank material when you're on the clock?
maybe it is by error like the infamous whitehouse dot com
#38
Old 12-12-2016, 12:53 AM
Guest
Join Date: Oct 2008
Posts: 1,900
I guess I live in a dreamworld aka Los Angeles, but I can't imagine ever being called to account for "NSFW" browsing with an employer's WiFi. 1. Most places I work aren't big enough for an IT department of their own 2. Everyone knows people spend part of their day messing around on the internet 3. Most of the people I work with are in a bullpen and couldn't get away with anything egregious (fantasy sports websites don't count, but sexy/porn stuff would be easily noticed and quashed without reference to non-existent IT group) 4. The people whose doors close I (or someone in my position) can barge in on at any time. I try to knock, but there's never enough time to pull pants up--if they're clicking away from the nakeds, so be it, but it's more likely to be Facebook or email.
#39
Old 12-12-2016, 02:06 AM
Guest
Join Date: Jul 2002
Location: UK
Posts: 4,930
Quote:
Originally Posted by Walton Firm View Post
Actually, for any device which they control (e.g. your work desktop or a company-provided phone), they could add themselves to the list of certificate authorities which your browser trusts. They could then perform a man-in-the-middle attack on any of your "secure" communications.

And yes, some employers actually do this. Also, it's not just nosy employers doing this; for example, Nokia has also been caught intercepting their customers' encrypted traffic, ostensibly for the purpose of doing on-the-fly data compression.
It's called the "encryption hole", and is a big concern to corporates.
Most malware now uses SSL encryption to communicate to Command and Control servers, and to exfiltrate stolen data out of a firewalled network. If you can't look into the encrypted data-stream, you will never know until it is too late.

So SSL decryption equipment feeding data to logging and detection equipment is going to be big business over the next few years. And it gets worse - you have no actual idea how good the far side of the SSL intercept device is - many use older ciphers and protocols, downgrading the encryption on the exposed internet to your bank or email provider.

If you think Nokia was bad, Symantec (who run a Certificate Authority) now own Bluecoat (who make network proxies and SSL equipment). The combination allows for an SSL intercepting proxy that could have a trusted certificate for a large proportion of the internet without requiring a trusted certificate install on the device.

Service Providers (ISPs, mobile phone networks) also want this technology to intercept, monitor, compress and shape encrypted datastreams for efficiency and profit (you need to decrypt SSL data before you can insert ads or optimise content).
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 07:52 AM.

Send questions for Cecil Adams to: [email protected]

Send comments about this website to:

Terms of Use / Privacy Policy

Advertise on the Straight Dope!
(Your direct line to thousands of the smartest, hippest people on the planet, plus a few total dipsticks.)

Copyright © 2018 STM Reader, LLC.

Copyright © 2017
Best Topics: orange juice man giving yourself blowjob sudafed for sale roman vomitorium usps postage due buddy girls tron desk tiny ziplock bag permanent press dryer kma license frame prius bluetooth jennifer grey imdb tourneau corporate what will happen if the ozone layer is destroyed king crab vs snow crab what is intercollegiate sport white and yellow shredded cheese why do models have to be tall did george washington have a british accent pointed ears in humans sulfamethoxazole tmp ds tab and alcohol nutritional value of grass best glue for polyethylene how to tell if someone is fake sleeping bennie and the jets meaning average of averages standard deviation