Link to home
Start Free TrialLog in
Avatar of Stephen Monday
Stephen Monday

asked on

DESKTOP MONITORING

scenario: On a server client network, in a working environment.

How can you monitor client's desktop screen without them knowing? As in i'd like to view their screen and see what they are doing without them knowing my presence.
Thanks.
Avatar of Chris Jones
Chris Jones
Flag of United Kingdom of Great Britain and Northern Ireland image

This is almost certainly illegal.

Human rights act 1998 article 8
and
Data protection act 1998
Avatar of Stephen Monday
Stephen Monday

ASKER

Sorry pls, this is within our organisation. Any assistance?
You are still bound by laws. Especially in an organisation. Not to mention ethics.

I certainly wouldn't be comfortable advising you on this.
Bros, we are trying to track some activities on our network, that's why? please!!
Avatar of Anthony Janson
Can't be done. It is indeed against the law as it's a breach of privacy and your organisation can be sued for that, even if it's within your own network. In addition, all programs either will show an audio/visual warning that someone is watching with you or request for authorization.

Probably the best bet would be VNC if configured correctly. But an user will still notice that someone is watching with you.
Thank you  very much for your contributions. But i didn't get my problem solved.
The previous comments are correct that you would be getting into a dangerous area of privacy rules. Plus your organization would have to make sure that users are aware that they're being monitored (which would apply with any approach, but that particular one you want to do would be far uglier).

However, what you could do if put a proxy or a networking monitoring tool in place. That would give you activity as far as the network is concerned. If you're wondering about what programs they're running, there are a number of software tools that you could use that would NOT show you what is on their screen.
I think the answer/solution to your issue is that, it should not be done.

You could perhaps move onto a non-illegal, non-covert method which which will help you assess whatever the issue with personnel you have.
Are your employees aware that their systems can be monitored at anytime? I would seek legal counsel or speak to law enforcement before doing anything on your own.
It's not necessarily illegal per se done properly (given that an employee cannot say that they expect a high level of privacy given that they do not own the computer), however that is a can of worms you'll never want to open. Besides, that also leaves the question of you potentially seeing data that you should not.

What would make more sense is to work with managers, legal, and human resources to establish some ground rules of what to allow/block, then setup security mechanisms reflecting those policies. That could include blocking certain categories of websites at the firewall level, taking track of websites that users visit, and so on.
THANKS
Employees using employers computers and network should not expect privacy.
I'd recommend creating another question seeking advice of what kind of monitoring tools to put in place. But also have a more clearly defined idea of the information you'd like to collect. Sometimes identifying your location helps as it helps with checking to see if certain things are legla in your location that aren't in the expert's location (and vice versa).
Actually I think one important factor we're forgetting here is geographical location.

In the UK for example you SHOULD expect privacy and are legally entitled to it.

It may differ around the world (including Nigeria where the author is from?)
@Edward; it differs per contract decided between the user and HR. As Chris said, it also differs per country. For me, it's illegal to do so. So the OP should look with his HR before doing anything.
@Anthony, understood. I am aware its illegal to monitor peoples personal computer, but if you are on someone else's computer then you are giving up any right to privacy.

https://www.worktime.com/european-union-eu-employee-monitoring-laws-what-can-and-cant-employers-do-in-the-workplace/

I already posted one for the US.
@Edward, this is actually not the case in the United Kingdom (or the EU I think)

Article 8 of Human rights act 1998:
http://www.legislation.gov.uk/ukpga/1998/42/schedule/1/part/I/chapter/7

Citizens advice:
https://www.citizensadvice.org.uk/law-and-courts/civil-rights/human-rights/what-rights-are-protected-under-the-human-rights-act/your-right-to-respect-for-private-and-family-life/


Examples of where there could be a breach of article 8 include:

  • searches and surveillance of your home
  • separation of family members including deportation or removal of immigrants
  • care or adoption orders for children and interference with your parental rights
  • compulsory medical treatment or testing
  • if you’re treated badly in a care home - if it's severe enough this could also be a breach of article 3
  • your right to privacy at home and at work - for example, phone tapping, the monitoring of emails and internet use, CCTV
  • if your personal information is disclosed to other people without your consent
  • the imposition of unreasonable dress codes at work
  • the quality and nature of the accommodation provided by local authorities and some housing associations
  • protection from noise and pollution nuisance.

Please see the section outlined in bold.
Chris, admittedly, there's a key portion you left out from that.
Private life has a broad meaning. It means you have the right to live your life with privacy and without interference by the state.
That is true, however what we're discussing in this thread is a business issue not government.

When it comes to digital forensics, we consider things like CHIS (COVERT HUMAN INTELLIGENCE SOURCES) and directed surveillance, I feel this is outside the scope of the discussion as this wouldn't apply here.
I got it, but big corporations have ways around those laws with disclaimers prior to logging into the computer, or when being hired. What I am trying to say here as long as the employer lets them know the computer is being monitored then the employee can make the decision based on that. There is always a choice. You don't have to work for someone that monitors your computers.
I got it, but big corporations have ways around those laws with disclaimers prior to logging into the computer, or when being hired. What I am trying to say here as long as the employer lets them know the computer is being monitored then the employee can make the decision based on that. There is always a choice. You don't have to work for someone that monitors your computers.

I studied this to some extent through my postgrad, the monitoring of systems can be permitted, but there MUST be reasonable actions taken to ensure that personal information is dealt with very carefully.

If you fancy a read of the Regulation of Investigatory Powers Act 2000 it can be found here:
http://www.legislation.gov.uk/ukpga/2000/23/contents
@Edward, your link says this in the first point:

In general it is legal to monitor employees in the workplace (computers, cell phones etc.) with their agreement and awareness.
«Once an employer decides to monitor employees»,- here are the steps to follow: «… basic principles to ensure that the monitoring is done properly and in accordance with employees’ right to privacy:      …
•      Transparency. Monitoring should be transparent. The employer must provide clear and comprehensive notice to employees about the monitoring;
•      Legitimacy. Employers may monitor employees only to safeguard their legitimate interests, while not violating the employees’ fundamental rights;
•      Proportionality. Personal data processed in connection with any monitoring must be adequate, relevant, and not excessive with regard to the purpose for which they are processed;

According to OP, he doesn't want it transparent and we don't know if it's legitimate. Also, we don't know if the employees have agreed and been made aware of this. If it's not in their terms of use they signed when they signed their contract, they did not agree to it.

Only if all of that is done, then it's legal.
Prior to this employee joining the company if he was made aware that his computer can be monitored at anytime then at anytime the company is allowed to monitor that computer. However, if his company did not make the employee aware of computer monitoring then he will not be allowed to monitor his computer.
@Edward I'm a little confused, are you talking about US law, UK/EU law or Nigerian law? Are they all the same?

I must admit this is now way out of my remit, but I would like to know how this is determined so rigidly.
ASKER CERTIFIED SOLUTION
Avatar of Lee W, MVP
Lee W, MVP
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
@ My Great Experts,  i actually got some knowledge from your discussions so far.

Please, can you suggest some Apps or software that can do the monitoring perfectly?
Stephen, could you please tell us about the network infrastructure at your organization?
@Lee, I am not an attorney but I have been involved in a case like this a many years back. In my case I was give Office of General Counsel permission.
I am not qualified in law, and as indicated in my previous post, this is outside my remit.

I must admit, looking back through my posts, I did appear to be giving definitive answers, this wasn't actually my intention, and I think what I had intended was to challenge in a useful way. I think I failed this point.

I'd like to redact any statement I've made that did not give the opportunity of challenge or correction.

I simply want the OP to be able to look carefully into this scenario with the law as a careful consideration not just technology.

The thread appears to have become heated, I apologise if I have fueled this.
@Chris, a good debate never hurt anyone. :)
@mansrock, the Network Infrastructure  is fully Local Area Network(Server Client Network ) no internet connection.
Chris,

Speaking only for myself - THANKS!  I understand the level of concern and there are times I forget we're in a global community and only relate (vehemently) my knowledge as it relates to the geographic area I'm in.  And it's DEFINITELY important in a matter like this to encourage whoever wants to do this to take the appropriate precautions - there could be VERY GOOD reasons for Stephen to do this, but if it's not done right (assuming it's allowable at all), it could have far worse consequences.

The important thing is that we don't get personal... I don't think I did and I don't think you did... and from my perspective, polite, passionate arguments are fine!

-Lee
@Stephen, please seek legal counsel prior to proceeding with this monitoring or if you think he may be involved in something illegal contact your local law enforcement agencies.
@Edward, @Lee Thanks for the kind words.

We're all just trying to support the end-user :)

I suspect if the user does indeed have legal rights and permission to do the following, there are tools to do such. Monitoring live traffic these days is very difficult with encryption, so typically the way to monitor is on the end device.

Most monitoring desktop software makes the user aware of the situation, I have no knowledge other than bespoke software that would perform the task as described in the original post.

Best of luck!
@Stephen - I mean what type of switches, router, and firewall. I'm assuming that you don't have a proxy in place. Of course, I'll assist in answering questions making the assumption that you're going to get the appropriate parties involved before buying or putting anything into place.
It would also be good to know what kind of monitoring you want... desktop is a bit vague.  What are you looking for?  Evidence of data theft?  Inappropriate activity?  Harassment of someone?  There are methods of doing this without significant observation... through review of logs, policies, network traces, and other security measures.  One consideration - instead of trying to monitor someone, re-evaluate your security - maybe there are things you should be doing to prevent the users ability to do what you suspect they may be able to do... because if one person is doing it... it's quite possible others are and you don't even suspect them!
@Monsrock, TP-LINK TL-SG1024 10/100/1000Mbps 24-Port Gigabit 19-inch Rackmountable Switch, no Router, no proxy normal firewall configuration (configuration for normal inbound and outbound rules between Server and Client ). Thanks
What model of firewall? Ideally, if you could mention what type of internet connection you have as well (no need to mention provider). I'm also assuming we're only dealing with one location, not multiple.

I can tell that you're more interested in user activity, where I would recommend looking considerably beyond that (such as things outside parties are attempting).
Ok, it can be done---you get caught make sure your manager and the company will stand by you--- when the law suit starts for infringing upon human rights. with that said, employees some OU had to sign that they will be monitored because they are only suppose to use company equipment for company use, in which this case you are only permitted to log and view log files for compliance not actually monitoring the screen.

However if you post clearance from your human resources group--- that you can do so. I'll show you how.
THANKS ALL