> In the US, there's the expectation that when you use an employer-provided device that any and all activity on it can be fully monitored/recorded
I don't expect this. I know that some companies install spyware on their devices, but I don't expect it, I don't accept it, and if they did it without disclosing it I'd be furious. I understand they're allowed to do it. I'd never work anywhere that did.
You can rest assured a company firing you for what they saw while surveilling your work computer will not be so stupid as to reveil this fact. That would indeed be a liability for them. They will simply invent a different reason for firing.
Because they know it's not allowed (or at least frowned upon), but they decided to do it anyways, the company surveillance is kept secret and downplayed and plausibly denied as much as possible.
Well, usually they would never tell the person the real reason for the firing or layoff anyways. there's no benefit for them to tell you, it just increases liability.
Or they just find another way to show you did it - the idea is very similar to how law enforcement uses illegal spying. They simply find another way to prove what they already caught you doing - it’s called Parallel Reconstruction.
parallel construction
I think the keyword is “can”.
It is allowed, contrary to eg the EU, where this is not allowed.
It’s not true that it’s not allowed in the EU. There’s the Barbalescu ruling which is case law that says employers must fulfill a bunch of criteria around informing employees, the necessity of the monitoring, and they are not allowed to impose blanket bans on private use, but it is still legal to monitor employees in the EU.
It can be legal, but demonstrating the necessity is a significant bar.
Yeah, I know they can. I just can't believe it's normalized and that people simply accept it. Good on the EU for pushing back.
I guess from my perspective there are even more dire problems in the US that I'm surprised people accept. But it seems they don't know, or care, or know that they should care.
Perhaps it's the lack of proper authoritarian regime in the US' past that drives this. I believe the temporal proximity of such makes people aware of, and angry against, the many traps that such systems leave in their "law", so you can be imprisoned anytime for anything. EU has a bunch of countries with varying degree of such past.
Most people need to work to support themselves so it's quite inconvenient to single-handedly solve all of the problems in the US. Suggesting people simply don't know or care is very naive.
On the time where Europeans fought for their worker rights they had to work, too. Often even not yet having other civil liberties.
However a thing that changed is impact: A handful coal workers could interrupt work in significant ways.
I’m sympathetic to this view, butI don’t see any evidence they actually do know or care though. This (workers rights) gains no traction in US elections. You have this weird macho culture around it, almost like complaining about this abuse would be a sign of personal weakness.
You should expect it because it's the safest position to work from. Don't use your work device for non-work, they may be tracking something or everything and do you want that in that record.
Additionally, don't use personal devices for work, but that is because of other reasons.
I'm surprised you can't believe it.
Most companies large enough to have their own IT have monitoring and know what's going through their network. The larger the company, the more likely they're watching. I've personally never seen that information used against anybody unless they were looking at shady stuff (porn, hacking websites, etc.), but I'm sure they're monitoring.
Even outsourced IT for small companies will often put "security" software like Sentinel One or Sophos on machines they manage, and those can track and block web traffic, report everything being installed, and even MITM HTTPS traffic.
Personally I don't see the big deal. If I don't want my employer watching something, I don't do it on their network. I monitor what's going on in my tiny home network, and I expect anybody administrating larger networks does the same thing.
Why the scare quotes around security?
It is allowed under certain circumstances.
I am pretty sure there would have to be a court order, i.e. a severe violation would have to have good ground to be suspected.
No court order. Just a suspicion against an individual, and a process to follow. Plus, you have to tell them. There is no mass surveillance without notice, correct.
> It is allowed, contrary to eg the EU, where this is not allowed.
Its allows in most of the EU apart from germany where there are strict limits.
however you can still record what your users are doing for purposes of detecting fraud. This is where it differs from the USA, where they can do anything because they have no data protection laws.
I always assume it is the case that my company will spy on my work computer. It’s naive to assume otherwise; there are just too many incentives/externalities for it to not happen given enough time and a reasonably funded infosec department.
if it's a device provided by your company, it's very likely it'll have some spyware on it.