Robert,
In the United States employees have no legal expectation of privacy
using computers and access owned by their employers. In fact, most
corporations have strict policies forbidding any sort of personal use of
these resources in order to prevent any sort of liability or criminal
activity. The reason for my question quite simply, is that we do have
the aforementioned policy, and violating it is a terminating offense. We
also have several employees who are repeatedly accessing websites
expressly forbidden by both name and ip address. As we cannot, for
business reasons, simply block access to the entire Internet, my employers
wish to see what these employees are doing on these websites. If I cannot
prove they have legitimate reason to be there, they will summarily
terminated, and legal action may be pursued. It may be unfair and it may
be harsh, but these are the conditions I am forced to deal with. If I
can't log the material, and demonstrate it's validity in private, then
these people will be fired.
If I must, I will resort to packet sniffing in order to save these
people's jobs. Logging it through the proxy however, with a nicely
organized trail of accesses would, as you might imagine, save me quite a
lot of time and effort in doing so.
On Wed, 4 Sep 2002, Robert Adkins wrote:
> Maxwell,
>
> Most of those forms are encrypted and I believe that this encrypted data
> is never cached/logged.
>
> There is another issue that you will need to go over with your legal
> department/lawyer and your Human Resources department, if you choose to
> attempt this. To do this is quite an unethical act and probably highly
> illegal.
>
> First off, this could create a listing of the proxy server users Social
> Security Numbers (If in the US.) if they were to be applying for a loan
> during lunch. This could also create a listing of their usernames and
> passwords for accessing their personal bank accounts or any other
> web-site that they may visit.
>
> Unless I am mistaken, what you are suggesting will break quite a number
> of privacy laws, at least within the US and could get you into serious
> trouble with the law. I believe that you could end up facing Federal
> Charges, if you are in the United States.
>
> If this is something that was suggested to you by your employer, then
> you may wish to bring this to their attention and have them discuss this
> with their lawyer before moving forward with this unethical, immoral
> task.
>
> The last thing that you would need to consider, is what happens if you
> create this list and someone hacks your site? All of this information
> could end up in the hands of other highly unethical people and that
> information could then be used to seriously damage the financial
> livelihood of the people that you "innocently" collected information
> from.
>
> Regards,
> Robert Adkins
> IT Manager/Buyer
> IMPEL Industries, Inc.
> Office: 586-254-5800
>
> -----Original Message-----
> From: maxwell [mailto:maxwell@mindscrape.com]
> Sent: Wednesday, September 04, 2002 12:11 PM
> To: mailinglistsquid-users@squid-cache.org; squid-users@squid-cache.org;
> Robert Adkins
> Subject: [squid-users] logging question
>
>
>
>
> Is it possible to configure squid to log the full contents of all
> form
> submissions a user makes? I.E. all get/post/etc requests?
>
>
>
Received on Wed Sep 04 2002 - 13:46:21 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:05 MST