Employee Computer Surveillance

Many of us know that EPA has a policy allowing limited use of EPA's computers for certain personal activities. As a result, many of you do the occasional personal web surfing, check your personal email, or check Twitter or Facebook. EPA's policy notes that the policy is "to provide you with a professional and supportive work environment while meeting taxpayer expectations that tax dollars will be spent wisely."

The policy allows "limited personal use ... during non-work time:

  • if it involves minimal additional expense to the Government;

  • if it does not reduce your productivity or interfere with your official duties or the official duties of others;

  • if you are already authorized to use the equipment for official Government business; and

  • if it is legal and appropriate."

What you may not have considered, however, is that EPA is looking over your shoulder while you're doing that limited personal use. EPA may be viewing the Facebook accounts that you view, the tweets that you view, your emails and photos, and anything else that comes over its network. So if one of your friends thinks it's funny to send you a nude photo to your personal email account, when that photo loads on your government computer, the government can, if it wants to, see that photo even though you did not save a copy. A copy of that photo is automatically saved, whether you want it or not, on your computer's hard drive web "cache" and can be used against you later.

Tools EPA uses or can use to monitor your activities include:

Our advice is that you significantly limit your personal use on your government computer. Use your phone. Use your personal laptop. Use your home computer. But keep your personal browsing and other activities off government computers as much as possible. Put a cover over your laptop camera.  Mute your microphone.  But keep in mind that there are workarounds where the agency can activate the microphone against your wishes and record each keystroke you type.

If you're focusing on your work rather than on personal surfing, you're fine. But it's good to be cautious. Just because you're paranoid, doesn't mean they're not out to get you!

 

Just Because You're Paranoid...

....doesn't mean people aren't out to get you.

This week, noted security expert Bruce Schneier mentioned in his Crypto-Gram newsletter an interesting hack of a computer monitor. He notes:

A group of researchers has found a way to hack directly into the tiny computer that controls your monitor without getting into your actual computer, and both see the pixels displayed on the monitor -- effectively spying on you -- and also manipulate the pixels to display different images.

Mr. Schneier's note reminds us of an important point. When you're using your government computer, the agency can and does actively spy on its employees. They can view the websites you visit, passwords you type on your keyboard, and even activate the camera and microphone on your computer.

All this is a way of saying that you should avoid doing personal web surfing on your government equipment. While EPA has a limited personal use policy that allows some use of the government computer for non-government purposes, it always easier not having to explain to your boss why you are visiting 75 pages a day on the Washington Post website. Our recommendation is do your surfing on your personal phone.