S is for Spying, Surveillance -- and for Software as Well


Words we choose to describe things and phenomena often show our attitude towards what we say. They imperceptibly reflect our opinions and judgments, prejudices and preferences, moral convictions and beliefs. Whether we like it or not, good deal of words we use are biased, or should I say "slanted", --positively or negatively. Two people will call the same thing differently, depending on their points of view.

Look at this example: "Monitoring", "surveillance", "control", "data interception", "gathering evidence of wrongdoing" -- on the one hand; "sleuthing", "spying", "eavesdropping", "snooping", "peeping", "prying", "tapping"--on the other. A neutral "information gathering device" vs. negatively loaded "bug"--choice of words clearly shows whether we approve or disapprove it.

If you feel you have right to do so, you are "monitoring my kids' online behavior"; your resentful kids, however, might think you are to poking your nose into their lives. The same at work--but here it is you who is the person under surveillance, and your opinion might differ from the CEO's, who probably thinks that "workplace surveillance software improves employees' performance and prevents violations of security policy and corporate code of conduct" (or something similar).

Most of arguments on this issue start right here; the crucial point is whether those who perform monitoring are authorized to do so.

Computer monitoring and email monitoring have been in the limelight for several years, and public interest is not going to fade. The very issue of monitoring is extremely complicated. Here technical matters become directly connected with wide range of political, legal, economic and moral issues. The data interception technology has everything to do with a wide range of very serious matters--from identity theft to various aspects of national security.

The problem is that this technology is a double-edged sword. Software used for parental control or workplace surveillance often apply the same mechanisms as malicious programs used for data stealing and plain spying. But there are differences.

These two specific program functions are typical to spy programs:

First, preliminary configuration of the monitoring module (it is usually called "client" or "agent") is possible, with a compiled executable file as a result. This file, when installed, doesn't display any messages or create windows on the screen. It "hides itself" and "shows no signs of life". It is impossible to notice whether the particular PC is being secretly monitored or not. Of course, the user is not aware of being spied ? until the consequences show up.

Second, spy software always has built-in means of remote installation; as a rule, the pre-configured module (agent) is installed into the target PC remotely. Then the files with obtained information are sent via local network or emailed to the person who installed the spy program.

Last, but not least ? spyware is always used illicitly and behind the user's back ? here monitoring is performed by a person who has no right for it. Unlike spyware, legally used monitoring programs are seldom used furtively. Though in many states it is officially permitted not to let employees know about monitoring, companies--especially large ones--rarely make a secret out of it.

Remove these two functions - and you will get a monitoring program instead of spy software. If it is impossible to pre-configure the monitoring module and install it remotely; if you should have administrator privilege to install the program, it is monitoring software, not spyware.

As we can see, monitoring products in themselves are neither good nor bad. Compare them with a knife--one may use it both for cutting cheese and for stabbing a neighbor to death. Tool is only a tool, but be careful--this one is of a dangerous kind.

Alexandra Gamanenko currently works at Raytown Corporation, LLC--an independent monitoring and anti-monitoring software developing company. Its products are based on innovative technologies the company's R&D department developed. Learn more--visit the company's website http://www.softsecurity.com/

home | site map
© 2005