Computer monitoring software maker SpectorSoft is gaining sudden attention among federal workers after a Washington Post article identified the Vero Bearch, Fla. company for its role in aiding Food and Drug Administration officials to intercept screen shots, emails, key strokes, and other communications from scientists working at the FDA.
Concerned about unauthorized disclosures in the wake of the WikiLeaks scandal, FDA officials reportedly installed the monitoring software on the laptop computers of an undisclosed number of FDA scientists.
While government workers generally understand their bosses have every right to oversee their work, a group of FDA scientists contend in a lawsuit that they were targeted for exposing what they believed to an unethical review process.
The FDA case, and the extent to which software tools can now invade and capture minute digital details, puts long-standing privacy concerns, and new potential threats against whistle blowers into fresh relief.
SpectorSoft makes a combination of consumer and enterprise computer monitoring products, including Spector 360, which captures every activity, including snapshot videos of a user’s computer screen. The activity data is automatically stored centrally for further auditing.
According to the company’s website, Spector 360, is designed to perform a number of administrative and compliance functions for enterprises, including:
- Track and enforce electronic acceptable use policies
- Protect valuable intellectual property and trade secrets
- Identify security breaches and risks
- Monitor and audit compliance requirements
- Benchmark user productivity
The software lets supervisors “drill down and see the individual activities in question and replay their screen like a DVR to see exactly what (an employee was) doing.”
More specifically, administrators can discern:
- How are users communicating with customers and each other?
- Are employees or contractors visiting inappropriate or dangerous websites?
- Which applications are used most? See this information detailed by Active Time, Total Time, and Focus Time
- Who is accessing, transferring, and printing sensitive IP?
- Who is ignoring Acceptable Use Policies by posting information to Facebook on organization time?
- Who is leaking confidential information or valuable trade secrets … accidentally or for personal gain?
- Which users are disclosing information in violation of industry compliance rules and regulations?
- Who is involved in antiquated, outdated, or inefficient work processes?
- Which users are transferring data to removable media like USB drives, CDs, or DVDs?
Monitoring security risks has become a big business in government.
According to the Washington Post report, government agencies (excluding Intelligence agencies) spent $5.6 billion in fiscal 2011 on hardware, software, personnel and other methods to safeguard sensitive and classified information, based on Information Security Oversight Office figures. That’s a 19% increase over fiscal 2010.
But many questions remain about when that monitoring might be becomes too invasive in practice among federal workers.