COVID-19 has pushed millions of people to work from home, and a flock of companies offering software for tracking workers has swooped in to pitch their products to employers across the country.
The services often sound relatively innocuous. Some vendors bill their tools as “automatic time tracking” or “workplace analytics” software. Others market to companies concerned about data breaches or intellectual property theft. We’ll call these tools, collectively, “bossware.” While aimed at helping employers, bossware puts workers’ privacy and security at risk by logging every click and keystroke, covertly gathering information for lawsuits, and using other spying features that go far beyond what is necessary and proportionate to manage a workforce.
This is not OK. When a home becomes an office, it remains a home. Workers should not be subject to nonconsensual surveillance or feel pressured to be scrutinized in their own homes to keep their jobs.
What can they do?
Bossware typically lives on a computer or smartphone and has privileges to access data about everything that happens on that device. Most bossware collects, more or less, everything that the user does. We looked at marketing materials, demos, and customer reviews to get a sense of how these tools work. There are too many individual types of monitoring to list here, but we’ll try to break down the ways these products can surveil into general categories.
The broadest and most common type of surveillance is “activity monitoring.” This typically includes a log of which applications and websites workers use. It may include who they email or message—including subject lines and other metadata—and any posts they make on social media. Most bossware also records levels of input from the keyboard and mouse—for example, many tools give a minute-by-minute breakdown of how much a user types and clicks, using that as a proxy for productivity. Productivity monitoring software will attempt to assemble all of this data into simple charts or graphs that give managers a high-level view of what workers are doing.
Every product we looked at has the ability to take frequent screenshots of each worker’s device, and some provide direct, live video feeds of their screens. This raw image data is often arrayed in a timeline, so bosses can go back through a worker’s day and see what they were doing at any given point. Several products also act as a keylogger, recording every keystroke a worker makes, including unsent emails and private passwords. A couple even let administrators jump in and take over remote control of a user’s desktop. These products usually don’t distinguish between work-related activity and personal account credentials, bank data, or medical information.
Some bossware goes even further, reaching into the physical world around a worker’s device. Companies that offer software for mobile devices nearly always include location tracking using GPS data. At least two services—StaffCop Enterprise and CleverControl—let employers secretly activate webcams and microphones on worker devices. (...)
Visible monitoring (...)
Invisible monitoring (...)
How common is bossware?
The worker surveillance business is not new, and it was already quite large before the outbreak of a global pandemic. While it’s difficult to assess how common bossware is, it’s undoubtedly become much more common as workers are forced to work from home due to COVID-19. Awareness Technologies, which owns InterGuard, claimed to have grown its customer base by over 300% in just the first few weeks after the outbreak. Many of the vendors we looked at exploit COVID-19 in their marketing pitches to companies.
Some of the biggest companies in the world use bossware. Hubstaff customers include Instacart, Groupon, and Ring. Time Doctor claims 83,000 users; its customers include Allstate, Ericsson, Verizon, and Re/Max. ActivTrak is used by more than 6,500 organizations, including Arizona State University, Emory University, and the cities of Denver and Malibu. Companies like StaffCop and Teramind do not disclose information about their customers, but claim to serve clients in industries like health care, banking, fashion, manufacturing, and call centers. Customer reviews of monitoring software give more examples of how these tools are used.
We don’t know how many of these organizations choose to use invisible monitoring, since the employers themselves don’t tend to advertise it. In addition, there isn’t a reliable way for workers themselves to know, since so much invisible software is explicitly designed to evade detection. Some workers have contracts that authorize certain kinds of monitoring or prevent others. But for many workers, it may be impossible to tell whether they’re being watched. Workers who are concerned about the possibility of monitoring may be safest to assume that any employer-provided device is tracking them.
The services often sound relatively innocuous. Some vendors bill their tools as “automatic time tracking” or “workplace analytics” software. Others market to companies concerned about data breaches or intellectual property theft. We’ll call these tools, collectively, “bossware.” While aimed at helping employers, bossware puts workers’ privacy and security at risk by logging every click and keystroke, covertly gathering information for lawsuits, and using other spying features that go far beyond what is necessary and proportionate to manage a workforce.
This is not OK. When a home becomes an office, it remains a home. Workers should not be subject to nonconsensual surveillance or feel pressured to be scrutinized in their own homes to keep their jobs.
What can they do?
Bossware typically lives on a computer or smartphone and has privileges to access data about everything that happens on that device. Most bossware collects, more or less, everything that the user does. We looked at marketing materials, demos, and customer reviews to get a sense of how these tools work. There are too many individual types of monitoring to list here, but we’ll try to break down the ways these products can surveil into general categories.
The broadest and most common type of surveillance is “activity monitoring.” This typically includes a log of which applications and websites workers use. It may include who they email or message—including subject lines and other metadata—and any posts they make on social media. Most bossware also records levels of input from the keyboard and mouse—for example, many tools give a minute-by-minute breakdown of how much a user types and clicks, using that as a proxy for productivity. Productivity monitoring software will attempt to assemble all of this data into simple charts or graphs that give managers a high-level view of what workers are doing.
Every product we looked at has the ability to take frequent screenshots of each worker’s device, and some provide direct, live video feeds of their screens. This raw image data is often arrayed in a timeline, so bosses can go back through a worker’s day and see what they were doing at any given point. Several products also act as a keylogger, recording every keystroke a worker makes, including unsent emails and private passwords. A couple even let administrators jump in and take over remote control of a user’s desktop. These products usually don’t distinguish between work-related activity and personal account credentials, bank data, or medical information.
Some bossware goes even further, reaching into the physical world around a worker’s device. Companies that offer software for mobile devices nearly always include location tracking using GPS data. At least two services—StaffCop Enterprise and CleverControl—let employers secretly activate webcams and microphones on worker devices. (...)
Visible monitoring (...)
Invisible monitoring (...)
How common is bossware?
The worker surveillance business is not new, and it was already quite large before the outbreak of a global pandemic. While it’s difficult to assess how common bossware is, it’s undoubtedly become much more common as workers are forced to work from home due to COVID-19. Awareness Technologies, which owns InterGuard, claimed to have grown its customer base by over 300% in just the first few weeks after the outbreak. Many of the vendors we looked at exploit COVID-19 in their marketing pitches to companies.
Some of the biggest companies in the world use bossware. Hubstaff customers include Instacart, Groupon, and Ring. Time Doctor claims 83,000 users; its customers include Allstate, Ericsson, Verizon, and Re/Max. ActivTrak is used by more than 6,500 organizations, including Arizona State University, Emory University, and the cities of Denver and Malibu. Companies like StaffCop and Teramind do not disclose information about their customers, but claim to serve clients in industries like health care, banking, fashion, manufacturing, and call centers. Customer reviews of monitoring software give more examples of how these tools are used.
We don’t know how many of these organizations choose to use invisible monitoring, since the employers themselves don’t tend to advertise it. In addition, there isn’t a reliable way for workers themselves to know, since so much invisible software is explicitly designed to evade detection. Some workers have contracts that authorize certain kinds of monitoring or prevent others. But for many workers, it may be impossible to tell whether they’re being watched. Workers who are concerned about the possibility of monitoring may be safest to assume that any employer-provided device is tracking them.
by Bennett Cyphers and Karen Gullo, Electronic Frontier Foundation (EFF) | Read more:
Image: uncredited