Helping people with computers... one answer at a time.

I work from home using a cable broadband service I pay for. I connect to my company's server through a proxy server for email, etc. I use AIM for business IMing. I recently received a notice from my company that all instant messaging conversations are being monitored. I am wondering if it is possible for my company to archive my AIM conversations when I am at home using my own cable provider, or if they do in fact have archiving capability if that would apply only to on-site employees. I am concerned because not all of my IM conversations are work related as I use my screen name for both business and personal conversations.

Hey, at least they told you. Most companies that do monitor bury that fact in their employee handbooks, if they even mention it at all.

But can they monitor your IMing at home?

Maybe.

It really boils down to knowing whether the IM conversation is traveling across your companies equipment. Obviously when you are at work, by definition it is. But when you're at home, it's possible that it still is, depending on what else you are doing.

"It really boils down to knowing whether the IM conversation is traveling across your companies equipment."

You mentioned that you connect through your company's server for email. Well, depending on what that really means, it's quite possible that your IM conversation is traveling over the company's equipment. For example if your company has you establish a VPN or Virtual Private Network connection to the corporate network in order to access your email, while you have that VPN connection established then it's quite possible that your IM conversation is hitting the corporate servers, and possibly being logged.

On the other hand, if all you are doing is POP3 mail, or even better, web mail provided by your corporation, then it's highly unlikely that you have a problem.

If you are concerned, I would take three steps, now:

  • Use different IM accounts for your personal and business conversations. Keep the conversations to their appropriate topics - business or personal - and use only one at work, and the other at home. Don't mix.
  • In any case, but especially on your business account, don't say anything you wouldn't want your boss to read. Or his boss. Or the entire IT department.
  • Connect to your company's equipment from home only when you actually need it.

It's a fine line between privacy and responsibility in any case, but the bottom line is that when using your company's equipment they have every right to examine all the data thereon including your email, IM conversations, documents, browsing history and whatever else you might have.

It's something that's worth remembering next time you're surfing the net over your lunch break.

Article C2560 - February 17, 2006 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

6 Comments
D S Ulmlan
February 17, 2006 2:27 PM

Ask the IT department. They should be able to tell you what is going over the company equipment and how to make sure your personal stuff isn't.

Leo
February 17, 2006 3:52 PM

While on the surface it's hard to disagree with that statement, it makes a couple of assumptions that I don't really like.

1) Your IT department may not know. Or they may get it wrong. Depending on your company there may be several levels of competancy in the department (or incompetancy, if you're cynical), and they might just think they know, guess, or get it wrong. Especially since it's something that's typically configured once by one person and ignored until needed, it's not in front of them each day, so they don't need to remember it every day.

2) They might lie. Unethical and as wrong as it is, there are companies out there who may choose to explicitly hide this information, for fear of not knowing whatever it is you are doing. The thinking might be that if you have to ask, you must have something to hide, so we better watch.

I'm not saying that 99% of all companies aren't going to be honest and accurate - but if you work at that 1% that might not be, asking could be both missleading and problematic.

Charles
June 2, 2006 1:41 PM

http://www.aimencrypt.com/ has information on how to encrypt AIM. It is probably possible to encrypt other protocols using similar methods, but I haven't really looked into it. The certificates you can download from aimencrypt can be broken by someone who really knows what they're doing, but should prevent 99% of IT people from seeing what you're saying. If you want to be protected from 100% of the IT people, you need to generate your own certificate, which can be a complicated process. Of course, the encryption only protects against people watching your traffic as it goes over the network. If you're IM-ing from a company-owned computer, you still need to keep your hard drive clean. Leo has several other articles about that.

nikki
June 12, 2006 2:59 PM

I have a ? can we instant message not at home but in other placse?

kara
January 31, 2007 4:48 AM

how could i find some of past convos that ive had in the instant messaging?

John
February 11, 2010 8:48 PM

If you encrypt your messages and they are watching you, then they'll probably assume you're up to something you shouldn't be, which could cause problems later on. In any case, all they'd need to do would be to monitor your keystrokes and work and get your password.

Which reminds me- don't ever use a password at work for something you wouldn't want them to see.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.