Â
"The computer is an infallible witness, he can not lie." With these words begins a brochure, with the company for its Guidance Software EnCase product line advertises - a digital Schnüffelchips assistance, according to the information of the company allows to quickly and cost effectively "to information. And while information from the computers not only criminals but also from employees, their superiors are not geheuer.
Guidance Software Web site: After research, "without which aims to warn"
Because this type of electronic identification assistance is not only used by law enforcement - but also by businesses. According to information from the blogs also by the U.S. technology group Honeywell. EnCase be allowed at any time, the computers of the world's 130,000 Honeywell employees auszuforschen. Also out of 6000 employees of the company, working in Germany.
"Digital evidence provide an unfiltered view of the activities of a suspect in his or her words and deeds are recorded," extols Guidance Software's product. On this evidence should come with EnCase, a "technical solution for the collection and analysis of digital evidence and the subsequent reporting." EnCase is the "industry standard", says that Guidance Software in the promotional brochure itself
Internal documents show that the software on nearly all computers in the company Honeywell installed. Guidance Software advertises itself thus, Encase allows the creation of "investigative infrastructures for businesses." In case of problems with employee integrity ", the software enables immediate investigation," without which aims to warn ".
Already deleted data will be visible again
EnCase can, according to data supplied by the manufacturer in a short time the contents of entire hard disk of the computer tapped on a central server and secure evidence. The program, which is also of German security authorities and the FBI in the fight against crime is being used, is also capable of already deleted files visible.
YOUR OPINION IS ASKED
Discuss about this article
Learn the German Honeywell employees of the sniffing software on their computers until the tip of an external IT service provider. Since the workers' representatives are trying to restrict the use of EnCase, at least in this country and to prevent the program from the computers to take leave because it is from their point of view "unduly into the privacy rights of workers intervenes."
On the other hand, Honeywell said it had EnCase in Germany have not been activated. The Group will only use the software to ensure the security of its information, and staff from threats from the network to protect it.
Labor legitimacy should clarify
At the end of March is now the Labor Offenbach whether Honeywell by EnCase installation participation rights in Germany has infringed. Lawyers keep programs such as EnCase here from privacy and personality rights grounds is extremely problematic.
With Guidance software you can see the nature differently. With "more accurate, faster and more efficient processes for the review of digital evidence 'organizations could" improve public safety, "says the company.
Below is a response that Guidance Software provided in response to the inaccuracies about EnCase in the Der Spiegel article.
ReplyDeleteDear Editor:
I am writing to clarify some misconceptions communicated in your March __ 2009 article “Virtual Tracker” concerning EnCase® Enterprise software.
The article implies that EnCase Enterprise is a monitoring software, which is incorrect. EnCase Enterprise does not keep track of employees’ online activities or affirmatively inform the company about employees’ use of their computers. It does not spy on employees. Rather, it is a passive technology that enables companies that have a legal obligation to collect data – whether it be in response to a request for data by a regulator, the need to look into allegations of bribery or other wrongdoing, a situation in which a company has been hacked, or outright fraud or corruption – to in fact collect data, but to do so in the least intrusive way possible.
Under German law, there are many instances when data collection is required. First, government authorities may request data from companies, particularly in instances in which there is concern about possible wrongdoing. Another example is the requirement in Germany to respond to legally valid requests from customers or employees for all of their personal information held by the company. Or consider situations in which hackers have penetrated a company’s computer system, which can subject employees’ and customers’ personal information to risk; in order to respond, data must be collected about what has occurred. Because most corporate business is conducted via email and electronic documents, data collection cannot and does not ignore computers.
When data collection is required, German companies have often allowed IT staff to gather information by directly accessing file servers and email systems, sifting through employee emails and documents on the corporate systems. This low-tech approach raises legitimate privacy concerns; for one thing, there’s no record generated of what was reviewed or collected. Sometimes companies have outside consultants gather information in the same way, or take “full disk images” of servers and employees’ computers, which copies all of the e-mail, electronic documents and photos from an employee’s computer, and loads the full contents for review by consultants or lawyers. These approaches inevitably gather and process personal data of employees.
EnCase Enterprise, on the other hand, is much more protective of employees’ privacy rights, for the following reasons: (1) First, unlike the data collection tools used by consultants, it can target only the necessary information – only the data requested by regulators, for example, rather than an employee’s entire computer or email box; (2) Second, unlike traditional IT data collection tools, it has a sophisticated role-based security architecture, and can be configured so that the operator of the software cannot view any of the data collected; (3) Third, unlike traditional IT tools or tools used by consultants, it has an “auditor role” so that Works Councils can check the product’s use, to make sure that its use has been in compliance with data privacy requirements, and has not violated rights to participate and/or co-determination rights of employees and/or their Works Councils; and (4) Fourth, EnCase technology is passive, it neither monitors nor accesses any data until instructed to collect data by the operator.
What’s more, strict privacy protections and protocols can be programmed directly into EnCase at the direction of the company’s Works Council. For example, employees can set up “private” folders for personal matters which cannot be searched. The works council can set firm guidelines regulating precisely which company personnel are granted permission to operate the EnCase software, and which information they can search, or to mandate that employees be notified that their data will be searched. Because each and every use of EnCase Enterprise software can be tracked in real time by the works council, it is in a position to effectively ensure compliance with these privacy protections.
When data needs to be collected for legitimate purposes, EnCase Enterprise is the least intrusive technology available, and the one that best protects privacy rights, for it can collect only the small fraction of data necessary for the matter. There are technologies that deserve the label “virtual tracker” – those technologies intercept and monitor employees’ emails, or “crawl” each employee’s data and create an ever-growing searchable index of every single word, including personal data on a range of employees rather than those directly suspected of wrongdoing. EnCase does not do any of these things, it monitors nothing, it does not “crawl” employees’ data, it does not intercept any communications, and it creates no grand searchable index of all employees’ data.
We encourage works councils – and corporate management – to become familiar with EnCase’s safeguards for employee privacy and learn how to set appropriate protocols appropriate to each company. They will learn that EnCase is far from a “virtual tracker” and is the least intrusive means of gathering data for legitimate business purposes.