    Wolfie Christl (wchr@mastodon.social)'s status on Wednesday, 28-Aug-2024 06:12:28 JST

    I published a new report that shows how today's cybersecurity and risk profiling systems are turning into employee mass surveillance and predictive policing tools.

    Based on log, device and network data,
    they let companies monitor almost everything employees do or say.

    We need a serious debate about what is necessary and proportionate for what purpose and about safeguards that prevent misuse.

    My 76-page report focusing on software from Forcepoint/Everfox and Microsoft:
    https://crackedlabs.org/en/data-work/publications/securityriskprofiling

      Employees as Risks
      from @WolfieChristl
      A case study on intrusive surveillance and behavioral profiling for cybersecurity, insider risk detection and 'compliance'

      Wolfie Christl (wchr@mastodon.social)'s status on Wednesday, 28-Aug-2024 06:13:08 JST

      Forcepoint was until recently owned by defense giant Raytheon. Its behavioral surveillance tech was initially funded by the CIA's venture capital firm In-Q-Tel.

      A co-founder of RedOwl which later became Forcepoint Behavioral Analytics is a former US army intelligence and NSA officer who was previously the CEO of Berico, which was involved in a large-scale plan to discredit labor unions in the US.

      Overall, Forcepoint claims to analyze 5 billion activity records per day from 900 million devices.

      Wolfie Christl (wchr@mastodon.social)'s status on Wednesday, 28-Aug-2024 06:13:09 JST

      The report is part of a larger project which examines how employers (mis)use worker data, funded by Austrian Arbeiterkammer:
      https://crackedlabs.org/en/data-work

      To illustrate wider practices, the report investigates software for cybersecurity and risk profiling from two major vendors including Microsoft. While employers can use these systems for legitimate purposes, the report focuses on potential implications for employees.

      The Register's @thomasclaburn wrote about my research:
      https://www.theregister.com/2024/08/27/microsoft_workplace_surveillance/

        Microsoft security tools probed for workplace surveillance
        Cracked Labs examines how workplace surveillance turns workers into suspects

      Wolfie Christl (wchr@mastodon.social)'s status on Wednesday, 28-Aug-2024 06:13:09 JST

      First, the report investigates insider risk and behavioral monitoring technology offered by Forcepoint, a major US cybersecurity vendor that is affiliated with the defense/intelligence sector.

      Forcepoint promises to help organizations identify cyberattacks and employees who are considered a risk, whether by carelessness, negligence or intention.

      Potential threats include “disgruntled employees” who had a “huge fight with the boss” and “internal activists” who leak information to journalists.

      Wolfie Christl (wchr@mastodon.social)'s status on Wednesday, 28-Aug-2024 06:13:09 JST

      Forcepoint's systems can analyze:

      - data from employee computers/devices, e.g. file, web, app, clipboard, keyboard, screen activity
      - employee communication contents, e.g. email, chat, voice calls
      - networking data, e.g. firewall, proxy
      - performance reviews from HR systems
      - data on physical access to buildings and rooms via badging systems
      - activity log data from many other software systems, e.g. Microsoft, Salesforce, SAP, Cisco
      - external data, e.g. criminal history, financial distress

      Wolfie Christl (wchr@mastodon.social)'s status on Wednesday, 28-Aug-2024 06:13:09 JST

      Based on behavioral profiling, Forcepoint's technology continuously calculates risk scores for employees, singles out those who are assessed as suspicious, ranks them by risk and raises alerts.

      To identify 'anomalous' behavior, it can analyze behavioral data on many or all employees, which is recommended by Forcepoint.

      Wolfie Christl (wchr@mastodon.social)'s status on Wednesday, 28-Aug-2024 06:13:09 JST

      The system uses 'behavioral risk models' to assess whether employees are in financial distress, show 'decreased productivity' or intend to leave the job, how they communicate with colleagues and whether they access 'obscene' content or show 'negative sentiment' in their communications.

      Here's a list of built-in risk models, see p. 16 in my report:
      https://crackedlabs.org/dl/CrackedLabs_Christl_SecurityRiskProfiling.pdf


GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.