Skip to content

Monitored

img_4596

I wonder when the first firing based on monitoring the location of your phone will occur? Has it already happened? Were you really “working from home”, or were you out goofing off? Their ability to check and see if you were at home, and their ability to monitor keystrokes on your computer will give them all the ammo they need.

 
 
 

I had to be among the first to go completely wireless – not long after I got a cell phone, I quit paying for a landline. 1997? Ish.

Around 2002-3, my manager asked me why I didn’t have a work cell phone – in a manner that strongly implied I should have one. Not everyone had one, back then. It required approvals all up the chain. I felt special.

I kept my personal mobile for a while, but, like most of my colleagues, didn’t see the point in carrying two phones – more importantly, paying for a personal phone. Work paid for the one, and on the unlimited plan, who cared if you used the work phone for personal use? Nominally you weren’t supposed to, but what difference did it make? Unlimited is unlimited.

This amounted to a quite substantial monthly raise (mobile bill), with a yearly bonus (new phone).

And there was no way for work to monitor your usage, other than minutes and megabytes.

Back then, they didn’t even have the net-nanny software in place. You could surf porn at work (not that I did), but there was no capability to monitor, other than keeping your screen turned away from the door.

We had to battle the bureacracy to get a Razr instead of a candybar Sony-Ericsson. Aside from still being a very sexy design, the Razr was one of the first to have a decent interface. Then more battles to get the first iPhone.

Now iPhones are forced on everyeone, and approval is automatic. It’s the ones with real power who don’t have a mobile, at least one not listed in the directory, who don’t get called on weekends. VIPs have a landline only.

Technology has caught up. There’s no free ride anymore. The networks require passwords. You can’t even think about getting your personal device on the network. Though it’s not really necessary anymore with a personal device with LTE. Forget about being able to ssh from home without the two-factor authorization VPN. Though VPN mostly just works now, aside from weird German IT network setups and hotels. There’s a net-nanny. Though there is nothing stopping me from simply bringing in my own device and looking at the same site on that.

Policies strongly imply that you shouldn’t be using your work phone for personal use – hell, they say it outright. I look forward to someone getting canned because they don’t have two phones.

The latest phone came with the management software shown above.

Capability implies intent, as they say. Until a couple of years ago, I didn’t think they had the capability, based on talking to knowledgeable friends. That’s when I got my own personal mobile again. Taking the equivalent salary cut. One must assume that Echelon-type capabilities are available to Lockheed-Martin at this point. Even on the landlines, which are VOIP.

GSM is easily hackable, so you must assume that LM has the capability to listen to your phone conversations. Not that anyone talks on the phone anymore. Unless they want to be bored to death by the daily bi-continental telecons.

They’ve always had the metadata.

You could turn off your work phone, park it on your desk, not allow your work laptop to connect to your home network (fair is fair), or not even bring it home, but eventually you have to bring it back to work and put it back online, and the keystroke monitor will phone home then.

My work nominally involves a fair bit of staring off into space, at least on a good day. So at least for me, I could claim that I was putting pencil to paper. But most people’s jobs are pretty keyboard intensive.

(Of course it’s not going to matter that you worked weekends if they see that you were at Disneyland on Monday. That’s a ratchet only goes one way.)

The takeaway though, is that you will be monitored 24/7/365, not only by the NSA, but more frighteningly for most of us, by your employer.

It’s going to require some serious opsec to avoid getting fired if they are out to get you. As with most rules – the rules are not designed to keep you from doing the prohibited thing; they are designed to give a Cardinal Richelieu basis for getting rid of you if they decide they don’t like you anymore. Like the NSA. They can’t catch anyone, but they can provide evidence for the trial that will make you look guilty whether you are or not.

They won’t really care for 99% of the employees whether they were at Disneyland instead of “working at home”; they don’t want to lose half their workforce inside a year. But if someone there takes a dislike to you, it’ll be easy to find a violation of policy. There are so many. Policies.

They’ve given you a tracking device, and didn’t require you to carry it 24/7/365, but rather addicted you, and structured the job (and the economy) so that it’s mandatory to carry it everywhere. Your every move, every search, every web page, every email, can be monitored by your work-supplied device, whether you are at work or not.

Of course this applies the NSA too, if you carry any mobile device, not just the one that work requires. But the NSA, while evil, is just not that interested in me. Like Cthulu, it’s just too big. My employer, on the other hand…

I’ve seriously considered just leaving my phone at work at the end of the day. Or putting it in a Faraday shield at quitting time. Not having one is not really an option – aside from being just about mandatory these days for travel. One needs it for work – work has evolved so that this is a tool that is required.