
33 Replies

  • An interesting question, and one which I suspect your legal and HR departments will have to work out. If they come down on your side, you've got policy to lean on. Without that, there will be pushback and non-compliance.

  • IANAL -

    So there's an issue with where and when you can access those webcams.  People have a reasonable expectation to privacy in their homes and other places they may also use the laptops.  While you are entitled to monitor their activity on the laptop, using the laptop to potentially monitor their other activity may be an issue.  Monitoring location, audio and video surveillance is going to quickly open you up to litigation for damages if the spying is ever done inappropriately.  Depending on the locale, any access of video or audio unbeknownst to the individual while they have an expectation of privacy could bear criminal and civil penalties.

    If it is up to me, I will never have a policy that includes spying on employees this way.  The policy should be to never leave your computer unsecured, and never unattended longer than necessary.  If you can't trust the employees with nice things, don't give them nice things, or get nicer employees.  If you are supremely worried about theft, pay for warranties/theft protection, use TPM and FDE, stamp your company name on the laptops with serial numbers and contact info...please don't make employees hate working for your company by making them feel unsafe.

  • If you are supremely worried about theft, pay for warranties/theft protection, use TPM and FDE, stamp your company name on the laptops with serial numbers and contact info...please don't make employees hate working for your company by making them feel unsafe.

    I'd do this as well, and add TPM+PIN so it won't even boot without getting past Bitlocker.  If it's lost, the asset tag could help someone return it to you.  If it's stolen, the data's not accessible, and it's probably just going to be wiped and sold anyway.  It seems like the odds of getting a picture are low anyway, it's not worth the paranoia.  All that said, this sounds like something a lawyer should handle instead of you.

  • You could make a rule to prohibit anything.

    Question is, how will you know? If the rule isn't easily enforceable, it's a waste of time.

  • Laptops are all encrypted so there's no worry of data loss at this point, it's simply a look at the financial side of things.  

    The monitoring is up front with them, they are made aware of the fact that this is a corporate asset from the minute they are hired, terming it spying is a little bit over the top in my opinion.  

    We're in financial services dealing with client data which is never supposed to reside on the devices, they work on the data that stays housed in our secure data zone through an in house web app and protected by 2 factor VPN access only from the client devices.  The monitoring is not obtrusive, think more typical reinforcement of DLP practices.  

    Any loss of device would certainly be run through insurance to replace it but if it can be recovered before involving the insurance company and dealing with deductibles and value of the device depreciation.  

    HR is on board and this directive came from the CEO as long as the privacy law fits.  IT has considered going with laptops without webcams built in and providing USB ones for the times they are needed but that decision is only if we're not able to make this amendment to the AUP that's already in place.

    I know there's been a lot of litigation about expected layers of privacy when dealing with corporate assets and to be honest I don't remember many instances where employees were granted the upper hand, especially with a strong AUP in place informing the employee that it's not to be used for personal use.  In my opinion, nobody is forcing an employee to take their device home and use it in place of a personal computer at home.  If they make that choice it goes directly against a policy put in place by management that they agreed to on hire.  I'm not sure where we would be in the wrong with maintaining that policy to be honest.

  • This is true, but when they are in the office, almost all of our staff are in a fairly open area, quick walk arounds are done a couple of times a day to enforce clean desk policy and other security policies, so if they left it on (and they do now because the policy hasn't been implemented) we see it then.

    Ross.Tooke wrote:

    You could make a rule to prohibit anything.

    Question is, how will you know? If the rule isn't easily enforceable, it's a waste of time.

  • Actually I disagree that it matters and that they have an expectation of privacy at home or anywhere else they are in possession of a corporate asset.  It's outlined in the first statement that there is no expectation of privacy.  They sign the AUP before they start doing any work at the end of our security training.  

    I really don't consider this spying.  We're not looking for porn, or family pictures, or untoward messages between cheating spouses, we're looking for business financial data that doesn't belong on the device, that belongs in the corporate secured servers.  DLP checks file transfers and emails sent and received, this is standard practice in a secure financial environment, it's a requirement in PCI DSS and SOC which we certify annually.

    MikeDinIT wrote:

    IANAL -

    So there's an issue with where and when you can access those webcams.  People have a reasonable expectation to privacy in their homes and other places they may also use the laptops.  While you are entitled to monitor their activity on the laptop, using the laptop to potentially monitor their other activity may be an issue.  Monitoring location, audio and video surveillance is going to quickly open you up to litigation for damages if the spying is ever done inappropriately.  Depending on the locale, any access of video or audio unbeknownst to the individual while they have an expectation of privacy could bear criminal and civil penalties.

    If it is up to me, I will never have a policy that includes spying on employees this way.  The policy should be to never leave your computer unsecured, and never unattended longer than necessary.  If you can't trust the employees with nice things, don't give them nice things, or get nicer employees.  If you are supremely worried about theft, pay for warranties/theft protection, use TPM and FDE, stamp your company name on the laptops with serial numbers and contact info...please don't make employees hate working for your company by making them feel unsafe.

  • Of course we do all of the things you mentioned in the second paragraph already, but that doesn't prevent them from screenshotting data from their web app, or copying and pasting information into documents stored locally.  

    Our security policy is very strict, it's unfortunate that we have to keep it that way but we're dealing with financial data from Fortune 100 companies and a data breach would END us, period.  It has to be this strict.  And to be honest, our employees are for the most part very sharp, they have to be to do their jobs and most are very nice, it's not that I feel many of them would disobey this directive if it's implemented, it's the fact that the decision was made to do this providing we can give some basic reference to legal precedent regarding it.

    MikeDinIT wrote:

    IANAL -

    If it is up to me, I will never have a policy that includes spying on employees this way.  The policy should be to never leave your computer unsecured, and never unattended longer than necessary.  If you can't trust the employees with nice things, don't give them nice things, or get nicer employees.  If you are supremely worried about theft, pay for warranties/theft protection, use TPM and FDE, stamp your company name on the laptops with serial numbers and contact info...please don't make employees hate working for your company by making them feel unsafe.

  • Dave6696 wrote:

    This is true, but when they are in the office, almost all of our staff are in a fairly open area, quick walk arounds are done a couple of times a day to enforce clean desk policy and other security policies, so if they left it on (and they do now because the policy hasn't been implemented) we see it then.

    Ross.Tooke wrote:

    You could make a rule to prohibit anything.

    Question is, how will you know? If the rule isn't easily enforceable, it's a waste of time.

    So you are looking for a technical solution to this problem - rather than remote viewing the camera, the best bet would be a way to put the laptop into a "lost state" where at startup, if it's in the lost state, it takes a picture with the camera and gets whatever geo-location is available and sends it out.  Problem is the computer would need internet access to do any of this...

    So let me ask you, what are the odds that someone who steals a computer can even get it to an internet connected state with any of your software running?  If they're knowledgeable at all, they will not boot the internal hdd, and even if they do they shouldn't be able to boot the system to the point where it even could access the camera, unless your laptops have LTE modems or something.

  • The technical side of this is actually already in place.  When we change it to lost, the anti-theft software automatically begins its process of taking pictures, and looking for unsecured wifi, connecting to it, and will begin uploading when it finds any.  It's entirely possible the machine never hits the internet and that's something that's expected part of the time.  

    Nobody in our company would ever just sit there and watch a video stream from a user's web cam, that's far beyond what we're looking to do and is quite frankly really creepy.  This is a solution to a very slim set of circumstances, but that's what we were asked to do.

  • It's wrong.  Monitor what is on the laptop, (that IS your job) not who is in front of it.

    Watching the employees, whether it's legal or not is wrong.

    If the equipment is covered by insurance, and the data is covered by encryption, then losing a laptop is an annoyance, not a financial loss, and certainly not worth alienating staff.

    If it was me I'm pushing back, hard.

  • Dave6696 wrote:

    Nobody in our company would ever just sit there and watch a video stream from a user's web cam, that's far beyond what we're looking to do and is quite frankly really creepy.  This is a solution to a very slim set of circumstances, but that's what we were asked to do.

    Yes it's creepy, and think about how a user might feel if you tell them they must keep their webcam uncovered, regardless of the reasoning you give.  It's about the perception that someone from IT could access my camera remotely, without my knowledge.  I do work from home sometimes.  I don't always wear pants.  Yes I'm entitled to privacy from my employer snooping on me via audio/video even from a company device.

    Here's an expensive example of a case from a school district local to me:

    https://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School_District

    The case ended up costing them millions, including a large six figure settlement for damages, despite the FBI deciding there wasn't enough evidence to proceed with criminal charges.

  • Actually we aren't monitoring the webcam, we're asking it to be unobstructed should it be needed, big difference.  What we do monitor is actually pretty standard in a financial services industry, so as strict as our policies are they really aren't as strict as some I've seen and been a part of.  

    We are attempting to mitigate financial loss, that's the whole end point for this policy change, if we can grab back a few devices per year, this saves the company money and that's what we're charged with doing.  

    Who is in front of it actually is part of my job.  Part of our security policy also dictates that nobody should operate the device in any capacity other than the assigned user, so if an employee is taking their computer home and they set it up for their child to watch cartoons, this is something that falls under already established policy and scope.  Don't get me wrong, that's not what we're looking for, as I mentioned this is only for if a laptop is reported lost/stolen, if that doesn't happen, we do not monitor the cameras at all, period.

    And one final point, it's not us doing the monitoring, it's actually the anti-theft software running through its routine to identify who has the laptop that shouldn't.  Granted we put the software in play, but it's not someone actually at the controls doing this.

    furicle wrote:

    It's wrong.  Monitor what is on the laptop, (that IS your job) not who is in front of it.

    Watching the employees, whether it's legal or not is wrong.

    If the equipment is covered by insurance, and the data is covered by encryption, then losing a laptop is an annoyance, not a financial loss, and certainly not worth alienating staff.

    If it was me I'm pushing back, hard.

  • Wow, now THAT is actually creepy, however it is a completely different scenario.  As I mentioned the only time this is in play is when the laptop is NOT in the hands of its assigned employee.  The web cams are not monitored at any other time for any other reason.  

    The other monitoring we do is actually more likely to turn up personal information than what this policy is asking for.  In our monitoring for data leakage, we've uncovered documents with password lists (which is prohibited in this company and most I would think) and not just work passwords but their banks, credit cards and other sites nobody else should see.

    At the end of the day, I understand the privacy concerns but I also understand that these are not toys and they are not owned by the employee, they're owned by the company and I have to be a good steward of the company's assets, especially when they also could be used to leak data that could put us out of business.  That to me is far more scary than someone snapping an unsuspecting picture of me, one lawsuit from a data breach and we're possibly right out of business right there.

    MikeDinIT wrote:

    Dave6696 wrote:

    Nobody in our company would ever just sit there and watch a video stream from a user's web cam, that's far beyond what we're looking to do and is quite frankly really creepy.  This is a solution to a very slim set of circumstances, but that's what we were asked to do.

    Yes it's creepy, and think about how a user might feel if you tell them they must keep their webcam uncovered, regardless of the reasoning you give.  It's about the perception that someone from IT could access my camera remotely, without my knowledge.  I do work from home sometimes.  I don't always wear pants.  Yes I'm entitled to privacy from my employer snooping on me via audio/video even from a company device.

    Here's an expensive example of a case from a school district local to me:

    https://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School_District

    The case ended up costing them millions, including a large six figure settlement for damages, despite the FBI deciding there wasn't enough evidence to proceed with criminal charges.

  • Dave6696 wrote:

    Wow, now THAT is actually creepy, however it is a completely different scenario.  As I mentioned the only time this is in play is when the laptop is NOT in the hands of its assigned employee.  The web cams are not monitored at any other time for any other reason.  

    The other monitoring we do is actually more likely to turn up personal information than what this policy is asking for.  In our monitoring for data leakage, we've uncovered documents with password lists (which is prohibited in this company and most I would think) and not just work passwords but their banks, credit cards and other sites nobody else should see.

    At the end of the day, I understand the privacy concerns but I also understand that these are not toys and they are not owned by the employee, they're owned by the company and I have to be a good steward of the company's assets, especially when they also could be used to leak data that could put us out of business.  That to me is far more scary than someone snapping an unsuspecting picture of me, one lawsuit from a data breach and we're possibly right out of business right there.

    MikeDinIT wrote:

    Dave6696 wrote:

    Nobody in our company would ever just sit there and watch a video stream from a user's web cam, that's far beyond what we're looking to do and is quite frankly really creepy.  This is a solution to a very slim set of circumstances, but that's what we were asked to do.

    Yes it's creepy, and think about how a user might feel if you tell them they must keep their webcam uncovered, regardless of the reasoning you give.  It's about the perception that someone from IT could access my camera remotely, without my knowledge.  I do work from home sometimes.  I don't always wear pants.  Yes I'm entitled to privacy from my employer snooping on me via audio/video even from a company device.

    Here's an expensive example of a case from a school district local to me:

    https://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School_District

    The case ended up costing them millions, including a large six figure settlement for damages, despite the FBI deciding there wasn't enough evidence to proceed with criminal charges.

    I understand where you're coming from - my recommendation is to emphasize in the policy you have users agree to that you cannot/will not access the cameras/that the company does not claim the authority to do so other than in recovering lost assets.  This will protect the company when an admin goes rogue and starts spying on someone they have a crush on, because people are human and you have to protect the company.  I understand that this isn't what you are planning to do, that you are confident that no one on your team would even if empowered to, but it's a slippery slope and CYA applies.

    My major point is about user perception.  Regardless of your intentions, telling me I need to be visible via my camera (and you promise not to look) isn't great feeling-wise.  Explicitly defining how and when IT may look through that camera in an official policy will help with push-back, which is going to be inevitable with something like this.  Just my $.02

  • This would be the perfect way to keep me from working at home. If I can't cover my camera at home, laptop doesn't go home...

  • Dave6696 wrote:

    Actually we aren't monitoring the webcam, we're asking it to be unobstructed should it be needed, big difference.  What we do monitor is actually pretty standard in a financial services industry, so as strict as our policies are they really aren't as strict as some I've seen and been a part of.  

    We are attempting to mitigate financial loss, that's the whole end point for this policy change, if we can grab back a few devices per year, this saves the company money and that's what we're charged with doing.  

    Who is in front of it actually is part of my job.  Part of our security policy also dictates that nobody should operate the device in any capacity other than the assigned user, so if an employee is taking their computer home and they set it up for their child to watch cartoons, this is something that falls under already established policy and scope.  Don't get me wrong, that's not what we're looking for, as I mentioned this is only for if a laptop is reported lost/stolen, if that doesn't happen, we do not monitor the cameras at all, period.

    And one final point, it's not us doing the monitoring, it's actually the anti-theft software running through its routine to identify who has the laptop that shouldn't.  Granted we put the software in play, but it's not someone actually at the controls doing this.

    furicle wrote:

    It's wrong.  Monitor what is on the laptop, (that IS your job) not who is in front of it.

    Watching the employees, whether it's legal or not is wrong.

    If the equipment is covered by insurance, and the data is covered by encryption, then losing a laptop is an annoyance, not a financial loss, and certainly not worth alienating staff.

    If it was me I'm pushing back, hard.

    Your users actually lose that many devices per year that you need to have a policy like this?

  • You need to tell the CEO that this is not an IT issue but a Legal/HR issue and wash your hands of it.

  • Similar monitoring has been done by businesses in the past, and has gone to court numerous times since 2010.

    Guess how many companies won the lawsuits? - 0 -

    Just because the company owns the hardware does not give them legal justification to using the camera for monitoring activities in an environment outside the workplace. If the camera takes pictures and stores them locally on the laptop, that is a different set of circumstances, and is considered an electronic self defense mechanism since it does not allow for real-time access or monitoring.

  • As a whole, we have a pretty good relationship with our user base and they understand the need for security to be as strict as it is.  Any policy change would absolutely include language that indicates and reassures that this isn't monitoring of the webcams while they are working on them and only when it is reported lost or stolen.  

    I also understand where you're coming from with an IT user gone rogue but to be honest, the management actually has more oversight over us than we do over the users, so while I can't say for sure that an IT person, who by design is crafty and highly intelligent, wouldn't get caught, I can say that there is a better than decent chance that they would get caught.  

    It's interesting that a lot of the responses have gone straight to and thought that this was all about checking up on the users via webcam access.  Maybe it was the way I worded it but I tried to be clear that we're not monitoring this at all unless the laptop is gone.  

    MikeDinIT wrote:

    Dave6696 wrote:

    Wow, now THAT is actually creepy, however it is a completely different scenario.  As I mentioned the only time this is in play is when the laptop is NOT in the hands of its assigned employee.  The web cams are not monitored at any other time for any other reason.  

    The other monitoring we do is actually more likely to turn up personal information than what this policy is asking for.  In our monitoring for data leakage, we've uncovered documents with password lists (which is prohibited in this company and most I would think) and not just work passwords but their banks, credit cards and other sites nobody else should see.

    At the end of the day, I understand the privacy concerns but I also understand that these are not toys and they are not owned by the employee, they're owned by the company and I have to be a good steward of the company's assets, especially when they also could be used to leak data that could put us out of business.  That to me is far more scary than someone snapping an unsuspecting picture of me, one lawsuit from a data breach and we're possibly right out of business right there.

    MikeDinIT wrote:

    Dave6696 wrote:

    Nobody in our company would ever just sit there and watch a video stream from a user's web cam, that's far beyond what we're looking to do and is quite frankly really creepy.  This is a solution to a very slim set of circumstances, but that's what we were asked to do.

    Yes it's creepy, and think about how a user might feel if you tell them they must keep their webcam uncovered, regardless of the reasoning you give.  It's about the perception that someone from IT could access my camera remotely, without my knowledge.  I do work from home sometimes.  I don't always wear pants.  Yes I'm entitled to privacy from my employer snooping on me via audio/video even from a company device.

    Here's an expensive example of a case from a school district local to me:

    https://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School_District

    The case ended up costing them millions, including a large six figure settlement for damages, despite the FBI deciding there wasn't enough evidence to proceed with criminal charges.

    I understand where you're coming from - my recommendation is to emphasize in the policy you have users agree to that you cannot/will not access the cameras/that the company does not claim the authority to do so other than in recovering lost assets.  This will protect the company when an admin goes rogue and starts spying on someone they have a crush on, because people are human and you have to protect the company.  I understand that this isn't what you are planning to do, that you are confident that no one on your team would even if empowered to, but it's a slippery slope and CYA applies.

    My major point is about user perception.  Regardless of your intentions, telling me I need to be visible via my camera (and you promise not to look) isn't great feeling-wise.  Explicitly defining how and when IT may look through that camera in an official policy will help with push-back, which is going to be inevitable with something like this.  Just my $.02

  • Unfortunately, though, this actually is our baby, it becomes part of our daily security checklist, same as walks through checking insecure printing, clean desk policy, and unlocked workstations.  HR is on board and like I mentioned, the basis for the question is just to get an idea about legal precedence.  I'm actually also responsible for updates to security policy so I'm really stuck with it. 

    Dukat wrote:

    You need to tell the CEO that this is not an IT issue but a Legal/HR issue and wash your hands of it.

  • So where have you found reference to a similar case?  I'm very interested.  Keep in mind we're not monitoring while users are active on the computer, only after it's reported stolen or lost.  This actually is the reason for the post, so if you do have some reference to that, please let me know. 

    CrashFF wrote:

    Similar monitoring has been done by businesses in the past, and has gone to court numerous times since 2010.

    Guess how many companies won the lawsuits? - 0 -

    Just because the company owns the hardware does not give them legal justification to using the camera for monitoring activities in an environment outside the workplace. If the camera takes pictures and stores them locally on the laptop, that is a different set of circumstances, and is considered an electronic self defense mechanism since it does not allow for real-time access or monitoring.

  • Again, there is no policy of monitoring the webcam UNLESS it's reported lost or stolen.  There would NEVER be a time, EVER, when the webcam is monitored during normal operation by our users.

    The anti theft software is actually doing the monitoring/picture taking and that is only in effect AFTER the laptop is reported lost or stolen.  

    Just wanted to clarify this perception that we are somehow monitoring these webcams whenever we want.  There is NO policy in place that we follow that lets us tap into the webcam feed.  

    DHorsleyJr wrote:

    This would be the perfect way to keep me from working at home. If I can't cover my camera at home, laptop doesn't go home...

  • Make a policy that any unauthorized stickers/other items are not allowed at any time to be attached to the laptops. This should mitigate the camera hiders because it is unauthorized.

    You are talking about something like lojack where it will only take pictures through the camera if it is in a lockdown mode.

  • This is absolutely what we're talking about.  The policy is actually already written, we're just researching where this stands in the legal frame.  I think in the end, I'm just going to submit my opinion up to legal and let them make the final call.  I really don't see where what we would like to do infringes anyone's privacy rights but I do see where clarification of the policy will have to be crystal clear.  

    jimender2 wrote:

    Make a policy that any unauthorized stickers/other items are not allowed at any time to be attached to the laptops. This should mitigate the camera hiders because it is unauthorized.

    You are talking about something like lojack where it will only take pictures through the camera if it is in a lockdown mode.

  • If the sole object here is to locate and recover a stolen/lost laptop then another tracking tool such as LoJack for PCs will do the job.

    As most of this thread has stated denying the user the right to cover the camera is tricky legal territory.

    Don

  • The most recent case regarding remote webcam access that I can remember was actually a School. The terms for remote webcam access to recover stolen laptops were explicitly spelled out in the usage agreement. They still lost the case because the actions of being manually controlled ran afoul of unlawful surveillance and invasion of privacy.

    What you have to consider is that just because your employees can't cover the webcam, doesn't mean that a thief can't. I did part-time work for a pawnshop for a number of years, and 90% of the stolen laptops that people tried to pawn had the webcams covered up by stickers or tape.

    Your best option is to use an embedded solution like Prey or Absolute LoJack, which does this automatically once the machine is reported stolen through the management interface.

    The legality usually boils down to manual control, vs automated and self-contained process.

  • Without tipping our hand to what we use, it's an industry standard app just like the 2 that you mentioned.  The policy to be put in place clearly outlines the only acceptable reasons for the monitoring of the webcam which is that it is no longer in company possession.  We fully understand your smart criminal will cover it up, however, an opportunistic teenager probably won't.  It's simply a case of trying to do what we can to help the possible return of the asset.  

    I think I read the same article about the school but it didn't appear that their policy outlined anything and they just monitored without informing the students or their parents.  It may have been a different case.  In our situation though the updated policy that is waiting for roll out clearly defines the only time they can be activated is when the laptop is lost.  It's an automatic process run by the software, there's no manual intervention from us at all, apart from "flipping the switch" saying that the asset is missing.

    CrashFF wrote:

    The most recent case regarding remote webcam access that I can remember was actually a school. The terms for remote webcam access to recover stolen laptops were explicitly spelled out in the usage agreement. They still lost the case because the actions of being manually controlled ran afoul of unlawful surveillance and invasion of privacy.

    What you have to consider is that just because your employees can't cover the webcam, doesn't mean that a thief can't. I did part-time work for a pawnshop for a number of years, and 90% of the stolen laptops that people tried to pawn had the webcams covered up by stickers or tape.

    Your best option is to use an embedded solution like Prey or Absolute LoJack, which does this automatically once the machine is reported stolen through the management interface.

    The legality usually boils down to manual control, vs automated and self-contained process.

  • Dave6696 wrote:

    ... 

    We are attempting to mitigate financial loss, that's the whole end point for this policy change, if we can grab back a few devices per year, this saves the company money and that's what we're charged with doing.  

    Don't get me wrong, that's not what we're looking for, as I mentioned this is only for if a laptop is reported lost/stolen, if that doesn't happen, we do not monitor the cameras at all, period.



    C'mon, it's a silly amount of work, and opening up a giant can of worms, on the hopes the bad guy is stupid enough to turn the machine on after he's stolen it without disabling the anti-theft and smiles for the camera.

    Oh, and I'd also point out the picture of the bad guy is pretty much useless unless the laptop is recovered by other means.  If you think law enforcement is going to make any attempt based on a picture....

  • Perhaps meaningless now, in the near future though? In the distant future?  We don't plan for right now with anything, we plan on what is possible and try and prepare as best we can for it.  My task as given by the CEO was to draft the amendment and check for any glaring legalities.  Will it catch anyone?  Who knows, but at this point, that's really not my concern.  My concern is to give us the best opportunity and that includes the software we license for this application and now, adjusting policy to make sure that one of the features that the software employs, is available.  

    This software does much more than track photos, it gives an entire packet of evidence for police to act on, nearby wifi SSID, IP addresses, movement patterns, pictures, all web activity so it's more than just a photo.  

    Is it really a silly amount of work? Not really, not yet anyway. Answering posts on Spiceworks has amounted to a couple of hours, there's been a couple of hours put into the amendment to the AUP and a few more in research. I wouldn't consider it silly or wasted at this point really.

    furicle wrote:

    Dave6696 wrote:

    ... 

    We are attempting to mitigate financial loss, that's the whole end point for this policy change, if we can grab back a few devices per year, this saves the company money and that's what we're charged with doing.  

    Don't get me wrong, that's not what we're looking for, as I mentioned this is only for if a laptop is reported lost/stolen, if that doesn't happen, we do not monitor the cameras at all, period.



    C'mon, it's a silly amount of work, and opening up a giant can of worms, on the hopes the bad guy is stupid enough to turn the machine on after he's stolen it without disabling the anti-theft and smiles for the camera.

    Oh, and I'd also point out the picture of the bad guy is pretty much useless unless the laptop is recovered by other means.  If you think law enforcement is going to make any attempt based on a picture....

  • Dave, you're probably thinking of the case where the district IT personnel were randomly connecting to the devices and taking pictures, and they didn't have the administrative policies governing it at all. I remember that case as well. That one was considerably worse.

  • Yeah, that does sound familiar. Someone earlier on in the post mentioned one that sounds a lot like that. Not sure what the powers that be thought when they implemented that plan. That definitely has me shaking my head.

    CrashFF wrote:

    Dave, you're probably thinking of the case where the district IT personnel were randomly connecting to the devices and taking pictures, and they didn't have the administrative policies governing it at all. I remember that case as well. That one was considerably worse.

  • OP seems extremely intelligent and highly patient. I wish you luck. I'm with everybody else here that this is going to get ugly and open yourselves up to lawsuits, BUT, and I mean this, BUT, I see your point as to why you're trying to implement this (servicing Fortune 100 companies, a data breach would end you on the spot, etc. etc.).

    Good luck and please keep us posted.

