To track other things, like time on task or web surfing habits, would not even be redundant, just superfluous.
Give people a metric - any metric - and they will (conciously or otherwise) start optimizing that instead of the actual goal.
Besides, if you're a non-technical leader it can be difficult to understand how things are going unless you have some kind of metrics to track.
A good manager can often sense when someone is not doing their job, or has disconnected.
In one case, a good manager came to me and asked me to check the "bossware" software to see if a certain employee was working while "working from home".
...turns out they were not. So we terminated them.
Good manager + bossware = Efficient process.
They didn't "sense" anything, they just asked you to show them some stats on a dashboard. They didn't approach the person for an explanation or conversation.
This manager totally removed the human from the person struggling with their job. That makes them a good robot.
I can additionally imagine that koheripbal was not privy to any information regarding that employee's performance besides that one thing.
From the article:
> Bossware typically lives on a computer or smartphone and has privileges to access data about everything that happens on that device.
It's a question of intrusiveness and granularity. Git commits are plainly not 'bossware'.
It's not wise for a manager to use git commits as their sole estimator of progress, but that's another question entirely.
So the only option is to track whether they're working or not.
If you are at the point where you need to modify commit timestamps to satisfy some micromanager, it's highly likely that there are other things wrong with them that will lead to you searching for a new job fairly soon.
* you otherwise liked the job
All I was saying is that these two are very likely mutually exclusive.
Sure, it's hypothetically possible that I have a micromanage-y boss who only tracks my commit times and nothing else. But really? That's the same boss who's going to mentally think you're "not a team player" because you left an hour early for your son's birthday party. That's the same boss who's going to obsessively tracks how many vacation days you "accrued" and insist on you coming in when you're sick if you don't have any left. Let's not kid ourselves.
Not really sure what the benefit in cheating your boss would be though? You still had to do the work at some time. Maybe you work extra hard one day but push only the first half of your commits, then give yourself a day off where all you do is check in at the end to push the fake-timed other half of them?
It'd probably be easier to find an 'unlimited holiday' job that pays you for output rather than keeping your seat warm.
I might switch to doing it once a sprint :)
...but also because I'm a weird night owl and don't like my employer to see me slacking off all day then doing work at 1am.
I'm sure I'm getting details a little wrong here, but basically if you're paying someone a certain salary to do a task, you aren't allowed to know how long it took to do it.
Microsoft Word has an example of this: The 'Total Editing time' tracking feature is disabled in Germany (and likely other countries.)
That seems like a decent managerial practice for some types of workplace, and it's definitely the model I have for my direct reports; but doing it by law seems like a bit of a shortcut for some reason to my anglo brain.
I also think it's an aspect that should be explored more. Sometimes people forget that the time to complete a task does not always correlate with the cognitive load of completing a task.
I've seen orgs where 'top producers' on a team slowly get loaded up more and more, eventually having 50-100% more points on a sprint than their peers on the team. They usually wind up 50-100% more drained at the end of the day too, and it winds up impacting their quality of life.
(Which does not.)
It's almost as though there's nothing to be ashamed of, and these two compromises together actually do make a right.
The fundamental problem here is that that company is cutting corners to save money. Full stop.
A trained ape reading a script for insurance enrollment is handling "sensitive" data, but your prescription history is sold in real-time to data brokers.
“Bossware” like this is not a security tool, it’s a way for micro-managers and ass-in-seat bosses to be more effective in their misguided management styles.
If you cannot define a goal that people can work towards aside from a most uncreative KPI, it is always a management problem. At least in engineering.
It is a work culture thing, but if you have a constructive one established, these tools can do much damage.
Very old blog post on it: https://blog.zoom.us/zoom-tips-for-educators-attendee-attent...
For example, I have three monitors and one is on zoom. During the zoom conf, i've got full view of the screen, etc. But the focus is on another screen, where I continue slack/messaging/typing/coding/etc. Would an attention tracker be smart enough to realize that -- despite not being focused on the Zoom window -- that I indeed am listening and viewing it?
The thing is that in all too many meetings, a certain percentage of the attendees is only required for a certain period of time.
Accountability (AKA delivery, outcome) is the best metric for me.
In most cases, it's used for auditing. If someone is suspected of abandoning their job, or stealing, or working a 2nd job, or etc... then the logs are reviewed.
Source: Been Micromanaged in the past and seen scenarios where said micromanagers used such data on others.
Any corporation that collects these logs is asking for danger. Give a good law firm that much data, they will nail you.
Not to mention if you fire someone for burning time and they sue for wrongful termination and you get an e discovery request..to see if you applied that surveillance to everyone equally. Let's request a random selection of logs from 10 staff members in the same or related roles.
This level of monitoring can get you in some huge problems.
I worked at a medium-sized tech company, and one employee sent an e-mail to another employee about how one of our product logos looked very similar to another logo in a similar product space. It was similar enough, and the products closely related enough, that this concern would have kicked off a re-branding effort or something like that... but since it was an e-mail, it sent off red flags all the way up to executive level. Triggered overseas flights, high-level meetings, legal involvement. Everyone working on the project immediately put on white gloves.
Made me think that more often then not, it's just better off for management to "not know", or at least have what they call plausible deniability.
Of course, for the "big crimes", it's good to have some level of logs collected and stored. For instance, no company should tolerate something like this happening, naturally: https://www.reuters.com/article/us-usa-insidertrading-expedi...
> Made me think that more often then not, it's just better off for management to "not know", or at least have what they call plausible deniability.
What, what? Can you clarify?
Here's my understanding:
* employee saw a problem and sent an email to notify others about it
* management reacted with "white gloves" ???
* therefore, management should have plausible deniability of problems
I'm not sure I agree with that conclusion but I'm also having trouble understanding how that conclusion was reached.
I don't think it's reasonable for management to have plausible deniability when red flags about products are raised by employees.
Look at social media brigading when the mob decides someone is "bad". Some evidence that <target> hates kittens will be found in an email from 2005. That happens in the office too, except it's done by attorneys instead of internet randos.
Rather than what it sounds like which is employees should provide cover for executives by not informing them of legal issues in a manner that means there is a record. Which sounds ethically dubious as well as a terrible idea for the individual employee.
I can understand lawyers making that case, but do juries actually agree with that? Lots of organizations collect internal data en-mass but they're all siloed away and disconnected - so while the company-as-a-whole has all the data, no-one inside the company could combine them together (or more likely: no-one inside the company even considered that they could combine the data together).
Hypothetically, if a company was doing everything - including logging every keystroke, instant-message chat and recording every audio and video call - but just archived it without doing any information-extraction - or they tried but the signal-to-noise ratio was too low, would that convince a judge to instruct a jury to disregard that?
And isn't that why investigative agencies seemingly stopped asking ISPs and legislatures to record everyone's search-engine queries and DNS lookups - simply because the amount of actionable, useful data is impossible to find until some-bad-thing already happened?
One way to protect the average employee from the overreach of bossware might be to teach prosecuting attorneys to weaponize it against its users (i.e. the bosses). But that would ultimately involve shining light on data whose exposure might harm the very employees that we're trying to protect.
What an ugly lose-lose situation.
I wouldn't expect a judge to instruct a jury to disregard it, even in the case of signal to noise. There's nothing that makes the evidence inadmissable afaik (not a lawyer, so I could very well be wrong). It would be up to the plaintiff to demonstrate that the company failed in their obligations, and up to the company to defend that what they did was adequate.
> And isn't that why investigative agencies seemingly stopped asking ISPs and legislatures to record everyone's search-engine queries and DNS lookups - simply because the amount of actionable, useful data is impossible to find until some-bad-thing already happened?
The use of that data is also very different. There are a small number of crimes where a DNS lookup or search query is a crime in and of itself. Probably none, without other evidence. At best, they're circumstantial evidence.
In the case of digital communications, there are a lot of civil crimes that can be contained entirely within the communications. Sexual harassment, unlawful trade practices, etc. Likewise, the NSA is probably far more interested in everyone's email and chat than they are DNS lookups and search queries.
I doubt a judge would make that decision unless the data was somehow "poisoned" and can't be brought to trial.
Most likely the prosecution would bring it up, the defense would counter and it would be up to the jury to decide how relevant it is.
Saying "we strive for a harassment-free workplace, but didn't both to check the data we've been collecting for the past 5 years" wouldn't fly very well with a jury.
so you are tracking all of this data to ensure your employees are productive and on task, but keeping them productive and on task doesn't include stopping them from sexually harassing my client?
oh you tried to prevent sexual harassment, but it was hard because you collected to much data on your employees actions?
Employees aren't cattle.
Edit: and let me be clear, corporate spyware preys exclusively on companies with weak and incompetent management. All it does is let them buckpass to the next performance eval.
Sounds like you've made up your mind already. The ideas brought in the top parent post are making me reconsider my conclusions on the subject.
But the other 10% is pure gold.
Lots of middle management types _want_ to dickride employees- pointing this out only makes them more eager to (ab)use bossware. Pointing out that bossware can get them into trouble however is an effective way to prevent its adoption.
2. Assume that the described software is unethical.
Doesn't it follow that it's a good thing to highlight why unethical things are actually risky in a way that matters regardless of ethics?
At the end of the day, the perception of good faith can be more important than anything else. So what if they didn't prevent anything? As long as they clean up the mess afterwards they can still walk away the good guys. And it's this spyware that lets them do this.
Same goes for logins/logouts to the authentication systems. No one is sitting there staring at the log files.
"Sure, here are the logs for the past 3 days, in accordance with our retention policy which is also 3 days"
Also anything less than 90days is likely to raise some eyebrows. Also your not the one pulling data in all cases. In some events the court will order your cooperation with a neutral third party for ediscovery. They will come in an perform data forensics on the assets in question.
Would this be enough to convince a judge/jury? AFAIK a lot of companies/govt agencies have short retention windows specifically to frustrate discovery, so it has to be working?. Granted, they're not as low as 3 days. Is 90 days the magic period where it's long enough to plausibly say you're not doing to frustrate discovery?
>Also your not the one pulling data in all cases. In some events the court will order your cooperation with a neutral third party for ediscovery. They will come in an perform data forensics on the assets in question.
That probably isn't an issue if your third party shreds the data after the retention policy. For "security purposes", of course.
But I've also been in organisations big enough to have multiple full time in-house counsel, and more often than not the desire to run software like this comes from those legal people.
I don't know who is in the right but I do know that people who study law and not tech seem more likely to have argued this is a good thing for an organisation.
FYI - NOT advocating this, more curious. I understand this is often what is done by social media firms when getting data.
It was exactly the reason you stated. Not necessarily that they were worried bad things would happen (but in a big enough company the chance is high), but just the compliance requirements. If someone falls under a legal hold, all of that has to be collected and retained on a schedule.
Easier just to wipe it out after a set time period a global policy.
I don't really like people helping development for surveillance systems. Yes, companies have an interest to know if work is significantly affected from slacking, so maybe talk to your employees. You don't even need the legal threat.
Didn't for example the various agencies "knew" in advance of any terror attack, meaning they had data, that clearly implied person x is going to blow?
I read that in variations, to allmost any terror attack/amok so far happened.
But data analysis in hindsight is easy, you have to put that important data in context to the huge pile of other data you also have and your very limited human processing power.
(for example the dark internet is full of people threatening to blow up or kill something)
Meaning, I do not endorse worker surveillance at all, but maybe this is not the way to stop it. Also, many claim, it is for the benefit of the worker, because having that data can help improve workflows and avoid accidents/errors. Which is a valid point, I think, but I still would never agree to be in total control of my supervisors.
The fact there are people in my profession working on such things troubles me.
So, to hear that there is a new level of control for this already judgemental and “honor” based society is just appalling.
We discovered one person who, while "working from home" logged in at 9am, wrote one email, then again at 5pm, and did nothing in between.
We suspected as much, but the surveillance software allowed us to provide the evidence for that person's dismissal.
I find that having multiple physical computers, each with a very specific purpose, is an excellent way to context switch and maintain that psychological isolation between duties. There are definitely security/privacy benefits as well, but I hesitate to delve into that rabbit hole of a discussion here.
Even that would make me nervous, given keyloggers.
One benefit of working from home for the last few months is that there's no temptation to do anything non-work related on my company machine when my personal machines are right there.
How does this help? I guess it masks the web traffic, but you are still using a potentially compromised keyboard and screen.
BYOD has indeed been a curse.
If the app did give the employees the tools to separate their lives, the employer would churn to another app.
In fact, skilled advertisers and psychologists and the kind of people who develop dark patterns for social media companies likely have more control over it than you have.
 and your company’s glorious loyalty oath parade, logos on mugs on your desk, anti-union propaganda posters, slogan you recite on the phone, etc. It is all changing you one way or another.
Compartmentalizing is a valuable Op-Sec practice.
For security purposes we route all internet request through our company VPN to scan for malware. Company notebooks are required to use the VPN tunnel and they do if you don't have admin rights and change that behavior. I think it would be really bad if all netflix traffic from employees gets routed through our companies internet connection. I don't want to put that on netflix support to figure out the problem people are having...
A device that takes in SMS messages only and has a battery that lasts a month...
That said, my statement was about helping people protect themselves. These systems will be used, and for legitimate reasons in many cases. Why not protect yourself from allowing them to overreach into your personal life?
Working requires us to form social relationships with our coworkers to get work done. Oftentimes, we're establishing shared language, and working tempo with coworkers through "inside" jokes, and other human forms of camaraderie. Not only would it be unethical to stamp the social aspect out of our working lives–which make up the majority of our waking hours, and a gross majority of our social ties–but it would also be imprudent, since removing social elements from working relationships would cripple them. It is necessary, and desirable, that we socialize with our coworkers to some extent.
The firm pits individuals–and groups–against one another in competition. Even in an ostensibly friendly, collegial workplace, the zero-sum reality of budgets and headcount encourage workers to jockey for position and push difficult, or unprofitable work onto others. Surveillance like this enables the most manipulative to exploit secret knowledge of the social relationships that are, again, necessary throughout the firm. A secondary effect of surveillance is the chilling effect: trust and camaraderie are hampered by the knowledge that one's every word can be used against them without recourse.
Firms regularly use information freely given to prioritize workers for layoffs. Decades of "employee satisfaction" surveys have facilitated the efficient firing of dissatisfied, burnt-out or mistreated workers. Surveillance offers the same facility, at higher fidelity.
If you are an executive, and you want to maintain dehumanizing working conditions, surveillance is a necessity and a boon. As surveillance increases, our working life becomes more prison-like, and our society progresses towards private autocracy. What astonishes me is how giddily those who profess to love Liberty readily shed it at work.
It's not coincidental that certain forms of right-libertarianism allow for voluntary slavery, which is this taken to its ultimate conclusion.
> It was the agents and overseers sent into the region who were, much like the conquistadors, deeply indebted—in their case, to the Peruvian company that had commissioned them, which was ultimately receiving its own credit from London financiers. These agents had certainly arrived with every intention of extending that web of credit to include the Indians, but discovering the Huitoto to have no interest in the cloth, machetes, and coins they had brought to trade with them, they’d finally given up and just started rounding Indians up and forcing them to accept loans at gunpoint, then tabulating the amount of rubber they owed.
> In reality, then, the Indians had been reduced to slavery; it’s just that, by 1907, no one could openly admit this. A legitimate enterprise had to have some moral basis.
– David Graeber "Debt: The First 5,000 Years"
Any employer who chooses to engage in technological warfare against their own employees deserves warfare in return.
Every once in a blue moon, our security team runs a p99-latency scan on my laptop, that basically bricks it. I’ve tried and failed to kill it, but I’m open to suggestions!
Many employment contracts are written by employers though, so this culture that the employer is some kind of gentle but strict super entity pervades through the language of employment contracts.
The company is just another Joe, and you have just as much right to dictate the terms of your employment as they do, just as you have equal standing in any contract you enter into with your mom, your husband, or your church.
One thing that helps pick apart the engrained culture of faux company superiority is to imagine they are a church instead.
Quoting the following part of EFF’s article makes me feel like they are still toeing the line.
> [the state] must also establish protections for churchgoers: surveillance of parishioners should be necessary and proportionate [and] parishioners should have the right to know what exactly their priests are collecting.
I think I am pretty good at my job. I get great feedback from all sides and complete my work on time and with high quality. We are also looking hard for more people because we have too much work. Getting people up to speed also is a big issue, so my employer invested a decent amount in me. In all, I have a dang good bargaining position.
And yet if I were to quit my job, that would hurt me a lot more than it would hurt my employer. I would lose 100% of my income, which is essentially catastrophic. I would run massive risk in needing to find another decent job, would probably have to move, and wouldn't know whether I would like my new job.
Meanwhile, for my employer, a few projects would be slightly delayed, and we'd have to be more held-back in accepting new work. Nothing really impactful. Hence my employer holds a lot more bargaining power than I do.
- Display name is the display name of the user. You can click the display name to go to the user's setting page in the Microsoft Teams admin center.
- 1:1 calls is the number of 1:1 calls that the user participated in during the specified time period.
- Channel messages is the number of unique messages that the user posted in a team chat during the specified time period.
- Reply messages is the number of unique reply messages that the user posted in a team channel during the specified time period.
- Post messages is the number of unique post messages that the user posted in a team channel during the specified time period.
- Meetings organized is the number of scheduled meetings a user organized during the specified time period.
- Meetings participated is the number of scheduled meetings a user participated in during the specified time period.
- Chat messages is the number of unique messages that the user posted in a private chat during the specified time period.
- Urgent messages is the number of urgent messages that the user posted in a chat during the specified time period.
- Group Calls is the number of group calls that the user participated in during the specified time period.
- Audio time is the total audio time that the user participated in during the specified time period.
- Video time is the total video time that the user participated in during the specified time period.
- Screen Share time is the total screen share time that the user participated in during the specified time period.
- Last activity is the last date (UTC) that the user participated in a Teams activity.
Does Slack not have this? I'm 99% sure Zoom does as well.
Like, staring off into space.
Like, I’m stuck on solving a problem. I look and I look. I can’t find it. I walk away, thinking about it. Still nothing. I drive home, then, I get my a-hah! moment.
I solve the problem. And it was a one liner, to fix the problem.
I am too European to understand how this can be legal.
Any activity done on the company equipment/software is considered work product and is accessible for audit/reviews.
In our case, we only open these logs if a manager has an issue with an employee (either a complain against their conduct, or drop in attendance/work product).
Often, the metrics show that the employee is just doing other work that the manager isn't aware of, but sometimes it's clear that the employee has either abandoned their job entirely and is just doing nothing - and the logs give us legal grounds for termination.
We tell everyone that the system is monitored - we're very transparent about that, and remind them that person comms should be done from their phones. I honestly don't understand the controversy.
This transparency has saved good employees, highlighted bad managers, and helped us remove bad apples.
Who hasn't gotten lost on the internet? However, these guys were at it every day. From my perspective, they were caught in a trap that wasn't good for them or the company. I wanted was to help them find their way back to doing what they were good at.
I setup a squid proxy, got good at regex & category blocking.
After hitting my proxy, the sales guys would get a little frustrated but they invariably redirected themselves and that'd be the end of it. No need to involve management.
Non-stupid employers know that what employees need are duties they can care about & opportunities to make something better.
What employees don't need, to excel at their jobs, is to be surveilled, micromanaged or tightly restricted. (Granted, a few might hit a dark patch & need some guidance. A rare few might be beyond guiding and have to be let go.)
tl;dr: Don't be a crapty employer & you won't have an imaginary need to spy on your employees.
Blocked websites would get you a nastygram page, along with a warning that repeated attempts would result in an email to your manager.
If you tried to use one of those 'proxy' sites that would try to get around blockers, You got an extra-special-nastygram. Told you that an email was immediately sent to your boss, and his boss, and the Director of IT.
Well, I tripped -that- warning once, (trying to do a task at my manager's request,) so I let him know I couldn't and he was going to get an e-mail about it.
"What? I don't see one... Go talk to IT and tell them we need it."
I pondered this as I walked to the IT office. Thankfully I had a great rapport with them, so as they went to put in an exception I asked.
"So, does anyone really get an email?"
All that aside, if you were to log into your personal bank account, or personal email, what are the restrictions around where the data is logged, or who has access to the data. This should extend to the disk storage replacement, if a disk is upgraded, or becomes faulty, where does the data centre remote hands put the faulty/old disk once popped from the tray?
Lets hope that gmail account didn't provide MFA for another site login.
Should this type of software be announced in employment terms?
In a previous job I had an alias to monitor for and kill Tanium, though now I don’t even know what I’m looking for.
I work for a company that makes an automated time tracking product (WiseTime ). We migrated our infrastructure to EU/Germany because we wanted to fall under a jurisdiction that is one of the strictest when it comes to privacy. This is how we think about the problem.
- Many professionals (lawyers, contractors, ...) get paid for the time that they bill their clients
- Manual time tracking (start/stop stopwatch) sucks
- Automated time tracking is an order of magnitude more convenient
- If you are going to automate the problem away, make sure that the system cannot be abused to spy on people
- Otherwise no one will want to use it!
We view privacy as one of our most important features, and our systems were designed from the ground up to protect it.
- Your activity is captured into a private timeline that only you can see
- To make your time available to your team, you must select the activities that you want to share, and explicitly post them to the team. It's like sending an email. Your draft is private, but once you send it off, then your recipient has a copy of it.
- We allow you to anonymise your posted activity data when you leave a team
- We allow you to specify filters around what activities should and shouldn't be captured. Of course you can delete anything you want off of your private timeline.
- We provide user-level and team-level data retention settings. We automatically purge data that falls outside of your desired retention period.
- We silo our data layer so that we don't store any personal information with user activity data. User activity data is siloed away from posted team data, and so on.
- We take GDPR seriously and we even have automated processes to purge data from our Sales team's CRM
We are a remote-first team, and we wanted to build a system that we personally dogfood without any qualms.
If you wake up in the morning, jump into the shower, solve a problem there, and hop onto your computer, WiseTime will then offer to log the last several hours including your sleep time. Edit down to 10 minutes (or however long your shower was) and log it. A bit contrived, but that's the best I got at this time. It's a tough problem to solve ;)
The activity feed is a little creepy but I'm not using it in a team so it is 100% local with no cloud stuff involved.
I run a small e-commerce company. It's myself, and two customer service/operations team members that I have hired out of the Philippines. I live in Indonesia (I'm American) and my company serves those in the US.
I made my first hire back in November 2019, and originally just had her paid salary and an expectation of 40/hours a week.
After a while, she started occasionally disappearing for a day or two at a time. Always having some excuse - which I try to understand. But when I'm running a business on US-hours and my only person working in that timezone disappears, it gets hectic quick.
She was doing phenomenal work, but these gaps caused me extreme stress and were affecting my business. I also felt my trust for her disappearing every time left and then came back with an excuse, that sounded legitimate enough, but nevertheless - it was becoming unacceptable. I felt like my payment was not being justified, and that I also was beginning to resent her as my business would suffer and my own mental health was deteriorating. I couldn't rely on her. We had multiple discussions, but when there's an excuse - it's hard to debate that.
In addition, I was finding that some tasks that I could complete very quickly myself - would take her forever or be incomplete.
But I also wanted to be understanding - I wanted to give the benefit of the doubt, and assume her excuses were legitimate.
So I had a two-fold plan:
1) Setup time-tracking software and switch her pay to hourly. I gave a small raise, as well as paid vacation time based on hours worked, as an incentive. I wanted to make the switch, but still make it fair - and if anything, for her to come out ahead.
2) Begin to make headway on hiring a second person so that when these legitimate use-cases pop up, that we're still covered.
I ended up choosing HubStaff - which looking at the chart on the article, appears the least invasive - which makes me happy with my decision.
I have it configured to track applications and websites monitored, screenshoot every 5 minutes or so, and logs keyboard and mouse activity levels, but not actual data. 99% of what I use it for is just the time-tracking, but sometimes when things aren't completed on time - I can take a quick peak and see that yes, it does appear she was busy all day (Or enough - I don't expect people to hammer out 100% productivity - her activity levels usually hang between 30-60%) and was being honest. In addition, now that I've hired a second employee - I can compare their activity levels together to get a better idea on what's normal.
And as for my original experience of her disappearing. She still does that on occasion. But now, since she's not logging in - she's not getting paid, so I can assume it's legitimate. And I have another employee logging on later during the day to ensure there's not a backlog.
I guess my point here is that the tools are only as nefarious as your employer. I'm not looking to infringe on privacy, or micromanage. I very rarely even bother looking at the information it tracks - but it's a reassurance I'm not getting cheated when something awry pops up.
> I very rarely even bother looking at the information it tracks - but it's a reassurance I'm not getting cheated when something awry pops up.
I asked what salary she wanted, and I pay about 20% over that. She's able to support herself, put her sister through school, and help family when in need.
Although, probably a lot of large corps aren't too different.
I’m sure such a thing is out there, but I doubt it’s being used by employers to spy on workers. More like governments spying on workers with access to sensitive IP.
Plus the laptop "anti-theft" BIOSes that phone home whose name I cannot recall.
Absolute Computrace starts at $29 and is resident in most every OEM BIOS manufactured in the last 20-25 years.
They could make the data for all levels of the organization public within the organization. Doing this would allow for time tracking to be had for the scared middle management, but also give any employees the chance to view any unfair treatment.
Of course this would never happen, but honestly, I would probably be ok with it.
If you’re dealing with hourly employees that are bottom of the barrel, this kind of monitoring is absolutely necessary to keep them in line.
We are people too. If you have good management, you really don't need to worry about it. Also, anything useful that you described, sans credit card fraud, could be accomplished by network logging, without any need to invade the privacy of your employees.
In the case of the guy who used the customer CC to order a bed, you would have been alerted whenever they were sued for credit card fraud, unless I'm deeply misunderstanding the system here.
edits: Remove personal attack and increase clarity. Although I still feel justified, I appreciate the quality of discussion on HN to much to risk polluting it.