T.R | Title | User | Personal Name | Date | Lines |
---|
970.1 | | COVERT::COVERT | John R. Covert | Fri Nov 10 1989 16:06 | 26 |
| This program (at least a few years ago) was specifically forbidden from being
put on Digital's systems, as it was considered to be contrary to Digital's
Employee Relations philosophy.
Too bad you're not in Germany; it would be specifically illegal there.
I also think that it is _unethical_ here to install such a program without
first notifying the users (just as it would be unethical to have supervisors
at a call-handling system monitor calls without notification that it's being
done).
Does it record both input and output? If this is a VMS system, it seems that
you would end its use quite quickly if it records output by simply typing the
following:
$ create x.tmp
$ l: write sys$output "I've gone to lunch"
$ goto l
^Z
$@x.tmp
And then taking your lunch break.
/john
|
970.2 | more than one way to fill a disk | NUTMEG::ABRAHAMSON | | Fri Nov 10 1989 16:17 | 23 |
| <Does it record both input and output? If this is a VMS system, it seems that
<you would end its use quite quickly if it records output by simply typing the
<following:
<
<$ create x.tmp
<
< $ l: write sys$output "I've gone to lunch"
< $ goto l
<^Z
<
<$@x.tmp
<
<And then taking your lunch break.
<
</john
John,
You have an evil side. I love it.
Jerry
|
970.3 | do it ASAP! | SMOOT::ROTH | All you can do is all you can do! | Fri Nov 10 1989 17:33 | 7 |
| re: "I've gone to lunch" procedure
I would recommend it! This will exercise your video terminal while you are
away and could ferret out any impending terminal problems. I suggest you
run it for a looooooong time!
Lee
|
970.4 | looking for a 'political' solution | CVG::THOMPSON | My friends call me Alfred | Fri Nov 10 1989 21:03 | 7 |
| RE: .1 Yes your cute command file would do the trick. Of course
it's a band aid solution at best.
Can you point us to something written down (policy, DIS Policy)
that indicates that it's outside company guidelines? Anyone?
Alfred
|
970.5 | | COVERT::COVERT | John R. Covert | Fri Nov 10 1989 21:36 | 4 |
| I couldn't dig up the exact reference. You may be able to find it in minutes
of an Information Security Committee meeting about three years ago or so.
/john
|
970.6 | | VMSSG::DICKINSON | Peter Dickinson | Fri Nov 10 1989 21:58 | 16 |
|
Unfortunately, there are various incarnations of this program
available on the net. I believe the most recent is called WATCH.
I also seem to remember seeing a memo sometime around a few years ago that
expressly forbids the use of this kind of code running on any DEC
internal system.
I'm sure it is a violation of Digital's security regulations.
I would consider reporting this to the security folks.
If they are using the above mentioned program, you can thwart it by
setting host to the system you're on (i.e., SET HOST 0). The WATCH program
cannot record remote terminal sessions (unless someone has rewritten it
to do so - difficult, but not impossible).
pd
|
970.7 | A history of SPY programs | SDSVAX::SWEENEY | Strike up the bandwidth | Sat Nov 11 1989 13:02 | 16 |
| Alfred, or other moderators. Could we have a title change for this
note? The anonymous author of .0 is not paranoid.
Programs of this sort were found in older timesharing systems,
especially those like the 36-bit TOPS-10 and TOPS-20 systems. Aliases
for these programs are WATCH, ADVISE, and SPY. The Digital-written
versions of these programs for TOPS-20 would announce when they were
running on a user's terminal. Third-party written programs for VMS do
not. In some of the advertising I've seen for them, it is labeled as a
tool for determining the source of security problems.
The lack of an explicit prohibition against such programs at Digital is
probably for the same reason that there is no explicit prohibition
against concealed microphones in cubicles: it is such an obvious breach
of employee privacy that no one thought it would be necessary to write
it down in DP&P.
|
970.8 | WATCH = Good? | ROULET::GAUTHIER | Stop and Think | Mon Nov 13 1989 13:10 | 28 |
| re .1:
Clever, but without a WAIT statement, the user might get spanked
for unbridled usage of the CPU. Is the WATCH program supposed
to identify just this kind of system misuse?
I guess this brings out a very relevant question...
What is the WATCH program supposed to look for? System
misuse or is it something that system users can run to "watch" I/O
of other (unsuspecting) users (i.e. "Butt-In")?
OK, just to play a little devil's advocate here and stimulate the
conversation, what if this WATCH Program is supposed to look for
security breaches? What if it is supposed to monitor recreational
use vs work use of the system... of the system and of disk space?
I don't want "Big Brother" looking over my shoulder as I send personal
MAIL to friends that work for other companies any more than anyone
else does, but maybe some illegal technical interchange might be
identified in the process if it routinely was monitored. Maybe
inefficiently coded applications (CPU HOGS) could be identified
and modified to stream-line the system.
Like I said, just playing devil's advocate a little.
Dave
|
970.9 | no valid ethical use with local sessions | CVG::THOMPSON | My friends call me Alfred | Mon Nov 13 1989 13:31 | 9 |
| RE: .8 Except for the use of checking security breaches, none of
your examples are ethical without prior warning. I would hold that
checking security is only a valid use if the login is remote.
"Routine" monitoring is not in my opinion ethical. Especially without
prior warning. In some countries where Digital does business these
programs are not even legal.
Alfred
|
970.10 | KGB at DEC? | ESPN::EMMONS | Its whats invisible thats essential. | Mon Nov 13 1989 16:31 | 13 |
|
re .1 Better than writing to sys$output, is to type-out the contents
of an executable or object file.
In a computer ethics course I took in college, any such activity
as described by .0 was considered unjustifiable. My own opinion
is that any manager who needs to resort to such a tool to measure
a worker's performance/behavior is not a very good manager!
Ken
|
970.11 | Ok; it is wrong. Now what? | RIPPLE::FARLEE_KE | Insufficient Virtual...um...er... | Mon Nov 13 1989 19:12 | 12 |
| Ok,
We all seem to agree that using programs like this is an unethical
practice at best. Now, what can the author of .0 do? (constructively, now)
Nobody has been able to come up with any hard references in PP&P or any
related documentation. We all agree that it is implicitly banned by the
spirit of those documents, however it would seem clear that .0's management
either does not see that, or is conveniently ignoring it.
So, how would you go about educating the person who holds your immediate future
in his/her hands, in the absence of such explicit references?
Kevin
|
970.12 | A little defensive measure | OBIWAN::MIANO | I'm outta that place!!!! | Mon Nov 13 1989 22:39 | 11 |
| To add another hacker's perspective comment...
I am not aware of any snooper program that can listen in to an
RTxn: terminal. Some of the ones available from DECUS will even crash
the system if they are used on an RT. The commercial ones tend to
be a little smarter.
So if you want to keep something confidential you could set host
from a "secure" system to the one with the Peeping-Tom.
John
|
970.13 | WATCH was a nice tool for user support | CHANI::KEMERER | VMS/TOPS10/TOPS20/RSTS/CCDOS-816 | Mon Nov 13 1989 22:54 | 16 |
|
Back when it worked (prior to VMS v5) the WATCH program
was used at our site by the HELPLINE (support) people to
help users with problems. According to them it saved them
a LOT of hassle since they could see that the user was
typing <BREAK> when they were SAYING they were typing
Control-C.
They really nagged us system managers when we went to
VMS v5 and it broke. (Yes, I know, it "works" on VMS
v5, but crashes JUST often enough that we stopped using
it)
Warren
|
970.14 | How about? | IND::BOWERS | Count Zero Interrupt | Tue Nov 14 1989 09:19 | 2 |
| Don't bother TYPEing garbage or .EXEs... Extract this note and TYPE IT
a few hundred times. Maybe someone will get the hint.
|
970.15 | being proactive | ESPN::EMMONS | Its whats invisible thats essential. | Tue Nov 14 1989 12:04 | 16 |
| re. < Note 970.11 by RIPPLE::FARLEE_KE "Insufficient Virtual...um...er..." >
Ok, if the individual wants something done about it, why not
get it documented first? If another process gobbles-up more
CPU time as his CPU time increases, write it down and what if
the individual runs the routine mentioned in .1 over night, does
another disk run out of available space? Maybe he can utilize
the accounting utility or a performance monitoring tool to provide
the necessary info. Once documented, the issue could be
addressed through the open door policy - assuming someone is
willing to take action on it.
Ken
|
970.16 | Must be another 'WATCH' | ARCHER::LAWRENCE | | Tue Nov 14 1989 12:17 | 13 |
| It would seem that the 'WATCH' program all of you are talking about is not
the same one I used back in my programming days.
That 'WATCH' program simply draws a chart and then lists the top seven or
eight users (cpu-wise) currently running. We utilized the program to aid
in efficient programming. If one technique produced over-use of the CPU
we'd try another route.
Don't know how it could be used for 'spying'. All it would tell us is that
someone was working the system pretty hard.
Betty
|
970.17 | Who is watching you? | FRSBEE::VISCO | | Tue Nov 14 1989 12:32 | 9 |
| What about certain government agencies that monitor activities on
the net? They can get pretty deep into our systems without detection.
For people to think there is privacy on systems tied into vast networks
is foolish.
|
970.18 | rat hole alert - please avoid | CVG::THOMPSON | My friends call me Alfred | Tue Nov 14 1989 12:47 | 4 |
| RE: .17 Sounds like an issue for a different topic. More likely
a whole different conference.
Alfred
|
970.19 | | CARLSN::STUART | I'm the NRA | Tue Nov 14 1989 12:54 | 27 |
| re.16
The current "watch" is different from what you referred to. This
one will display on your terminal exactly what is on the "target"
terminal and it will even allow you to use your keyboard for typing.
When used as a tool it has value. Examples would be 2 engineers
brainstorming over the same crash dump. Other uses could be in training
where all the student tubes are watching the instructor tube and as
mentioned elsewhere it can be used to support users quite nicely.
When used to spy, harass, hack or otherwise ruin somebody's day that is
another story altogether and should not be tolerated. It should
be noted that the person running the program has to have priv's
so if he/she is inclined to snoop they can get anything in your
account anyway, unless you have a nifty data encryption routine
where only you have the decryption codes.
There are 2 versions as I recall, one for V4.x and one for V5.x
and the statement that it will crash when trying to watch an RTxx
terminal is true. It will also crash (sometimes) by trying to ^C
out of it instead of ^Z.
So by watching (no pun intended) who has priv's and setting host
0 you can thwart the usage of the "watch" programs.
|
970.20 | It's things like this "what" cause unrest | INTER::JONG | Steve Jong/NaC Pubs | Tue Nov 14 1989 14:17 | 16 |
| The transition from manufacturing, assembly-line jobs to professional,
office jobs was supposed to relieve the stress and anxiety of working.
No more, it was thought, would workers be subject to line speed-ups and
the crushing monotony of tightening the same four bolts on the body
panels of two cars a minute for eight hours a day.
Instead, the stress of computer end users, particularly word-processing
operators and data entry clerks, is as great as it ever was for
assembly-line workers, despite the nice offices, climate control, noise
control, and general cleanliness. Just look at the turnover rates!
Why is this so? Perhaps office workers' knowing that a computer is
fully capable of generating keystroke reports for every worker (e.g.,
"User JONG, 11/14/89, 102,454 keystrokes, 94% accuracy"), and working
to quotas, real or implicit ("Can you type this up by 4?") is part of
the problem.
|
970.21 | Customers want that kind of accounting... | PERRYA::COLEMAN | I'm the NRA | Tue Nov 14 1989 16:30 | 9 |
| RE: 970.20 by INTER::JONG
As regards monitoring of Office Workers (esp. Word Processors) we see a lot of
requests for the ability to do keystroke counting, line counting, etc. from
within ALL-IN-1. To a number of our customers, this is an appropriate measure
of performance. So the tendency is still there, although it may be diminishing
with time.
Perry
|
970.22 | | HYDRA::ECKERT | | Tue Nov 14 1989 19:04 | 8 |
| re: .19
> So by watching (no pun intended) who has priv's and setting host
> 0 you can thwart the usage of the "watch" programs.
I don't believe this helps. If a user on LTA1: does a SET HOST 0,
the spy can WATCH LTA1: rather than the RTA...
|
970.23 | ESCALATE. | REGENT::LEVINE | THIS week is NEXT week's LAST week. | Fri Nov 17 1989 07:58 | 17 |
|
The only correct way to "thwart" this (unethical) action
is to escalate matters through personnel AND security.
In the meanwhile that loop program might be a good deterrent.
(I'd go a step further and have it throw in a <FF> every time
too, in case the manager wants to PRINT it out.... ;^) )
The only even close to valid reason an employee could be watched
(and the manager be able to do so without getting in hot water)
is if they were trying to fire that employee. DIGITAL's policy
requires that the employee be COUNSELED first. I don't think that
performing covert intelligence gathering operations is in the spirit
of this company...
I'd presume that the author of this note WASN'T counseled or they
wouldn't be so surprised that they were being WATCHed....
|
970.24 | | CVG::THOMPSON | My friends call me Alfred | Fri Nov 17 1989 09:08 | 16 |
| From the author of .0
Alfred
---------------------------------------------------------------------
Thank you all for your responses. I'd especially like to point out .11 and
request continued suggestions following that view. The reply in .15 does not
address some of the restrictions mentioned in .11. The "watch" program
running on our system is from an external source and does not appear to have
any of the limitations mentioned in the notes so far except for interactive
monitoring of RT terminal devices. Part of my reason for posting .0 was to
increase awareness of this program's existence and the possibility that it
could be running on more than just our system. Any system manager can make
detecting its presence extremely difficult. It could be argued that the
program is needed to help catch hackers or other people who try to modify
system level files and access data.
|
970.25 | | BLUMON::QUODLING | Oooooh, Nice Software.... | Fri Nov 17 1989 09:36 | 9 |
| Sounds like the monitoring software from a company called Clyde
Digital Systems. I attended a presentation on their product once,
wasn't impressed (pointed out to them, that most of their stuff
can be done by an experienced Vax Hacker), and also pointed out to
them that they were stretching Privacy laws in several
states/countries. They didn't seem to care less.
q
|
970.26 | They've been around a long time | VMSDEV::HALLYB | The Smart Money was on Goliath | Fri Nov 17 1989 11:37 | 1 |
| Can we learn anything from Clyde's success?
|
970.27 | | BANKS1::MIANO | I'm outta that place!!!! | Fri Nov 17 1989 12:00 | 1 |
| ASC of DECintact fame also produces these nasties.
|
970.28 | | ESCROW::KILGORE | Wild Bill | Fri Nov 17 1989 12:22 | 8 |
| Re .-1: (please start another topic before rat-holing this)
>> ASC of DECintact fame also produces these nasties.
Please, "ASC of INTACT fame..."
We've brought DECintact so far beyond its roots, in so many ways,
that we're a little touchy about a direct association with ASC.
|
970.29 | Monitoring may require notice... | CGOA01::DTHOMPSON | Don, of Don's ACT | Fri Nov 17 1989 17:39 | 14 |
| Depending upon the access a user is provided with during the normal
course of business, for example if they are allowed PHONE, MAIL
or ALL-IN-1 (mail), then such monitoring without a warning message
is probably illegal in Canada.
The case could be made that, inasmuch as a computer set-up emulated
either telephone or mail functionality, the computer set-up is
protected by the same laws as those services. In the case of phones,
I believe, an employer (phone-line-renter) has the right to record
all calls made, and review same, but must inform employees of that
fact. Regularly, too, I think.
Legal or not, it sure is un-DEC-like.
|
970.30 | London has a SNOOP! | YUPPY::DJACKSON | Diane Jackson @HHL | Mon Nov 20 1989 13:37 | 7 |
| Notes readers in London may be interested to know that there is
a program called SNOOP running on PANIC. I'm afraid that that is
as far as my insider knowledge goes.
Just thought I'd let you know.
Diane.
|
970.31 | Are you sure??? | NITTY::COHEN | What fools these mortals be... | Tue Nov 28 1989 17:05 | 18 |
| --> Notes readers in London may be interested to know that there is
--> a program called SNOOP running on PANIC. I'm afraid that that is
--> as far as my insider knowledge goes.
Are you sure that this SNOOP program is a WATCH/SPY program?
From your reply it seems that you are not 100% sure of its true use. By
putting this reply in the notes file you are yelling fire in a theater.
IMHO There is enough unwarranted hysteria around this subject.
I personally feel that this reply is inappropriate, especially
considering that there is no rule in the P&P manual stating that the system
manager cannot use this type of program to maintain security on their system.
And we have no proof that this SNOOP process is actually spying on users, it
could be just a poor choice of naming.
Thanks,
tac
|