Posted on Leave a comment

Employee monitoring software became the new normal during COVID-19. It seems workers are stuck with it

Many employers say they'll keep the surveillance software switched on — even for office workers.


In early 2020, as offices emptied and employees set up laptops on kitchen tables to work from home, the way managers kept tabs on white-collar workers underwent an abrupt change as well.

Bosses used to counting the number of empty desks, or gauging the volume of keyboard clatter, now had to rely on video calls and tiny green "active" icons in workplace chat programs.

In response, many employers splashed out on sophisticated kinds of spyware to claw back some oversight.

"Employee monitoring software" became the new normal, logging keystrokes and mouse movement, capturing screenshots, tracking location, and even activating webcams and microphones.

At the same time, workers were dreaming up creative new ways to evade the software's all-seeing eye.

Now, as workers return to the office, demand for employee tracking "bossware" remains high, its makers say.

Surveys of employers in white-collar industries show that even returned office workers will be subject to these new tools.

What was introduced in the crisis of the pandemic, as a short-term remedy for lockdowns and working from home (WFH), has quietly become the "new normal" for many Australian workplaces.

A game of cat-and-mouse jiggler

For many workers, the surveillance software came out of nowhere.

The abrupt appearance of spyware in many workplaces can be seen in the sudden popularity of covert devices designed to evade this surveillance.

Before the pandemic, "mouse jigglers" were niche gadgets used by police and security agencies to keep seized computers from logging out and requiring a password to access.

Mouse jigglers for sale on eBay
An array of mouse jigglers for sale on eBay.(Supplied: eBay)

Plugged into a laptop's USB port, the jiggler randomly moves the mouse cursor, faking activity when there's no-one there.

When the pandemic hit, sales boomed among WFH employees.

In the last two years, James Franklin, a young Melbourne software engineer, has mailed 5,000 jigglers to customers all over the country — mostly to employees of "large enterprises", he says.

Often, he's had to upgrade the devices to evade an employers' latest methods of detecting and blocking them.

It's been a game of cat-and-mouse jiggler.

"Unbelievable demand is the best way to describe it," he said.

And mouse jigglers aren't the only trick for evading the software.

In July last year, a Californian mum's video about a WFH hack went viral on TikTok.

Leah told how her computer set her status to "away" whenever she stopped moving her cursor for more than a few seconds, so she had placed a small vibrating device under the mouse.

"It's called a mouse mover … so you can go to the bathroom, free from paranoia."

Others picked up the story and shared their tips, from free downloads of mouse-mimicking software to YouTube videos that are intended to play on a phone screen, with an optical mouse resting on top. The movement of the lines in the video makes the cursor move.

"A lot of people have reached out on TikTok," Leah told the ABC.

"There were a lot of people going, 'Oh, my gosh, I can't believe I haven't heard of this before, send me the link.'"

Tracking software sales are up — and staying up

On the other side of the world, in New York, EfficientLab makes and sells an employee surveillance software called Controlio that's widely used in Australia.

It has "hundreds" of Australian clients, said sales manager Moath Galeb.

"At the beginning of the pandemic, there was already a lot of companies looking into monitoring software, but it wasn't such an important feature," he said.

"But the pandemic forced many people to work remotely and the companies started to look into employee monitoring software more seriously."

An online dashboard showing active time and productivity score for a worker
Managers can track employees' productivity scores on a realtime dashboard.(Supplied: Controlio)

In Australia, as in other countries, the number of Controlio clients has increased "two or three times" with the pandemic.

This increase was to be expected — but what surprised even Mr Galeb was that demand has remained strong in recent months.

"They're getting these insights into how people get their work done," he said.

The most popular features for employers, he said, track employee "active time" to generate a "productivity score".

Managers view these statistics through an online dashboard.

Advocates say this is a way of looking after employees, rather than spying on them.

Bosses can see who is "working too many hours", Mr Galeb said.

"Depending on the data, or the insights that you receive, you get to build this picture of who is doing more and doing less."

Nothing new for blue-collar workers

But those being monitored are likely to see things a little differently. 

Ultimately, how the software is used depends on what power bosses have over their workers.

For the increasing number of people in insecure, casualised work, these tools appear less than benign.

In an August 2020 submission to a NSW senate committee investigating the impact of technological change on the future of work, the United Workers Union featured the story of a call centre worker who had been working remotely during the pandemic. 

One day, the employer informed the man that monitoring software had detected his apparent absence for a 45-minute period two weeks earlier.

The submission reads:

Unable to remember exactly what he was doing that particular day, the matter was escalated to senior management who demanded to know exactly where he physically was during this time. This 45-minute break in surveillance caused considerable grief and anxiety for the company. A perceived productivity loss of $27 (the worker's hourly rate) resulted in several meetings involving members of upper management, formal letters of correspondence, and a written warning delivered to the worker.

There were many stories like this one, said Lauren Kelly, who wrote the submission.

"The software is sold as a tool of productivity and efficiency, but really it's about surveillance and control," she said.

"I find it very unlikely it would result in management asking somebody to slow down and do less work."

Ms Kelly, who is now a PhD candidate at RMIT with a focus on workplace technologies including surveillance, says tools for tracking an employee's location and activity are nothing new — what has changed in the past two years is the types of workplaces where they are used.

Before the pandemic, it was more for blue-collar workers. Now, it's for white-collar workers too.

"Once it's in, it's in. It doesn't often get uninstalled," she said.

"The tracking software becomes a ubiquitous part of the infrastructure of management."

The 'quid pro quo' of WFH?

More than half of Australian small-to-medium-sized businesses used software to monitor the activity and productivity of employees working remotely, according to a Capterra survey in November 2020.

That's about on par with the United States.

"There's a tendency in Australia to view these workplace trends as really bad in other places like the United States and China," Ms Kelly said.

"But actually, those trends are already here."

A screenshot of a dashboard showing a graph with different emotions
The latest software claims to monitor employee emotions like happiness and sadness.(Supplied: StaffCircle)

In fact, a 2021 survey suggested Australian employers had embraced location-tracking software more warmly than those of any other country.

Every two years, the international law firm Herbert Smith Freehills surveys thousands of its large corporate clients around the world for an ongoing series of reports on the future of work.

In 2021, it found 90 per cent of employers in Australia monitor the location of employees when they work remotely, significantly more than the global average of less than 80 per cent.

Many introduced these tools having found that during lockdown, some employees had relocated interstate or even overseas without asking permission or informing their manager, said Natalie Gaspar, an employment lawyer and partner at Herbert Smith Freehills.

"I had clients of mine saying that they didn't realise that their employees were working in India or Pakistan," she said.

"And that's relevant because there [are] different laws that apply in those different jurisdictions about workers compensation laws, safety laws, all those sorts of things."

She said that, anecdotally, many of her "large corporate" clients planned to keep the employee monitoring software tools — even for office workers.

"I think that's here to stay in large parts."

And she said employees, in general, accepted this elevated level of surveillance as "the cost of flexibility".

"It's the quid pro quo for working from home," she said.

Is it legal?

The short answer is yes, but there are complications.

There's no consistent set of laws operating across jurisdictions in Australia that regulate surveillance of the workplace.

In New South Wales and the ACT, an employer can only install monitoring software on a computer they supply for the purposes of work.

With some exceptions, they must also advise employees they're installing the software and explain what is being monitored 14 days prior to the software being installed or activated.

In NSW, the ACT and Victoria, it's an offence to install an optical or listening device in workplace toilets, bathroom or change rooms.

South Australia, Tasmania, Western Australia, the Northern Territory and Queensland do not currently have specific workplace surveillance laws in place.

Smile, you're at your laptop

Location tracking software may be the cost of WFH, but what about tools that check whether you're smiling into the phone, or monitor the pace and tone of your voice for depression and fatigue?

These are some of the features being rolled out in the latest generation of monitoring software.

Zoom, for instance, recently introduced a tool that provides sales meeting hosts with a post-meeting transcription and "sentiment analysis".

A screenshot of a sales video with analytics and sentiment analysis
Zoom IQ for Sales offers a breakdown of how the meeting went.(Supplied: Zoom)

Software already on the market trawls email and Slack messages to detect levels of emotion like happiness, anger, disgust, fear or sadness.

The Herbert Smith Freehills 2021 survey found 82 per cent of respondents planned to introduce digital tools to measure employee wellbeing.

A bit under half said they already had processes in place to detect and address wellbeing issues, and these were assisted by technology such as sentiment analysis software.

Often, these technologies are tested in call centres before they're rolled out to other industries, Ms Kelly said.

"Affect monitoring is very controversial and the technology is flawed.

"Some researchers would argue it's simply not possible for AI or any software to truly 'know' what a person is feeling.

"Regardless, there's a market for it and some employers are buying into it."

The movement of the second hand of an analogue wristwatch moves an optical mouse cursor a tiny amount.(Supplied: Reddit)

Back in Melbourne, Mr Franklin remains hopeful that plucky inventors can thwart the spread of bossware.

When companies switched to logging keyboard inputs, someone invented a random keyboard input device.

When managers went a step further and monitored what was happening on employees' screens, a tool appeared that cycled through a prepared list of webpages at regular intervals.

"The sky's the limit when it comes to defeating these systems," he said.

And sometimes the best solutions are low tech.

Recently, an employer found a way to block a worker's mouse jiggler, so he simply taped his mouse to the office fan.

"And it dragged the mouse back and forth.

"Then he went out to lunch."

 
Posted on Leave a comment

Okta to pay $6.5B to acquire Seattle’s Auth0; identity tech startup was valued at $1.9B last year

Auth0, the billion-dollar Seattle-area startup that is a leader in identity authentication software, is being acquired by Okta, another leader in the space, the companies announced Wednesday. The all-stock deal is valued at approximately $6.5 billion — one of the largest acquisitions of a Seattle tech company.

Auth0 was co-founded in 2013 by Eugenio Pace, who formerly ran the patterns and practices group at Microsoft, and Matias Woloski, a software engineer who remains the company’s CTO. Both hail from Argentina, and Auth0 has built its more than 850-person team through a distributed approach with workers scattered all over the world.

The startup raised a $120 million round in July at a $1.9 billion valuation, making it a rare Seattle unicorn. That step up in valuation from $1.9 billion to $6.5 billion in just eight months is impressive, but not everyone is thinking that Auth0 should have sold so soon.

Even still, the deal is a huge windfall for the company’s founders and early investors, including Pacific Northwest firms Founders’ Co-op and Portland Seed Fund. And it’s a big payoff in Seattle’s startup scene — nearly tripling the $2.25 billion that EMC paid for Seattle data storage company Isilon in 2010.

“We started Auth0 seven years ago,” Pace said last year at the GeekWire Awards, after Auth0 won honors for Deal of the Year. “Sometimes it feels like seven minutes and sometimes it feels like 70 years. But it’s been a great journey.”

GeekWire heard rumblings about a play for Auth0 a few weeks ago, but we were unable to confirm the news. Forbes, which broke the story today, noted that the deal was slow to close because Auth0 was weighing other options, including an IPO and other possible suitors.

Auth0 will continue operating as an independent business within Okta.

San Francisco-based Okta boasts a market capitalization of $31 billion, with 2,800 employees worldwide. The company’s shares fell more than 13% in after-hours trading.

Okta reported its fourth quarter earnings Wednesday, with revenue up 40% to $234.7 million and net losses growing to $75.8 million, up from $50.4 million.

“Okta and Auth0 have an incredible opportunity to build the identity platform of the future,” Pace said in a news release.

Auth0 co-founders CEO Eugenio Pace, bottom left, and Matias Woloski, bottom right, sign acquisition agreement papers via video chat with Okta co-founders Frederic Kerrest and CEO Todd McKinnon, top right. (Okta Photo)

Auth0 is currently ranked No. 4 on the GeekWire 200, our index of top Pacific Northwest startups. However, as is customary with an acquisition or IPO, Auth0 will now be moved off the list.

“We think it’s a fantastic validation of their ‘developer-first’ approach to enterprise software, and of Seattle’s startup ecosystem more generally,” Founders’ Co-op Managing Partner Chris DeVore told GeekWire. “We’re thrilled for the founders and have already seen the knock-on effects of the entrepreneurial culture they built as two of our most recent investments (Fusebit and Zerowall) were both founded by Auth0 alums.”

Salesforce Ventures led Auth0’s $120 million Series F round in July. The funding followed a $103 million round in May 2019. Total funding to date for the 8-year-old company is more than $330 million.

Other Auth0 investors include DTCP, Bessemer Venture Partners, Sapphire Ventures, Meritech Capital, World Innovation Lab, Trinity Ventures, Telstra Ventures, and K9 Ventures. Early investor and first Auth0 board member Sunil Nagaraj, who at the time of the deal was working for Bessemer, writes about the early days of the startup in this blog post congratulating the founding team on the acquisition.

“You will not find another person on Earth that cares more about understanding someone and communicating something clearly than Auth0 CEO Eugenio Pace,” Nagaraj wrote.

Auth0 co-founders Matias Woloski, left, and Eugenio Pace. (Auth0 Photo)

Auth0 combines existing login and identity verification options into a few lines of code that developers can quickly add to their applications. Its platform includes services like single sign-on, two-factor authentication, password-free login capabilities, and the ability to detect password breaches.

The pandemic has put a spotlight on security tech companies with accelerated adoption of digital services. Pace told GeekWire last year that demand for Auth0’s services was “massive” as companies connect more and more with customers in the cloud.

Auth0 processes more than 4.5 billion login transactions per month.

“I’m thrilled by the choice, flexibility, and value we’ll offer customers: Okta and Auth0 address a broad set of identity use cases, and our identity platforms are robust and extensible enough to serve the world’s largest organizations and most innovative developers,” Todd McKinnon, CEO and co-founder of Okta, wrote in a blog post.

Posted on Leave a comment

VI1: Technology Changes Rapidly; Humans Don’t

Technology Changes Rapidly; Humans Don't

Tharon W. Howard, in Design to Thrive, 2010

Abstract

The RIBS heuristic are essential to better understand how to design sustainable social networks and online communities. This final chapter is designed to afford network architects and community designers a better view both of RIBS and of external forces in the social media landscape. Social networks and online communities have the potential to effect economic, political, and social changes far beyond the expectations of their designers, and that kind of “success” can ironically threaten the sustainability of a community. When social media begin to impact larger institutions, such as the election of government officials, intellectual property laws, religious institutions, educational settings, and other established institutions of literate cultures, then a battle for control ensues. The issues resulting from such clashes can destroy communities whose leaders lack a means of understanding and anticipating the conflicts. This chapter explores four areas of the future that history suggests are likely to be the social networking battlefield of the future. These four areas are copyrights and intellectual property; disciplinary control vs. individual creativity; visual, technological, and new media literacies; and decision-making contexts for future markets. One can use RIBS as an analytical tool on existing communities in order to assess the health of their community's interactions.

Ownership and control of virtual identities

Control of an individual's virtual identity is yet another example of this future intellectual property battlefield. In this book, I've talked a lot about Blizzard's extraordinarily successful game, World of Warcraft (WoW). I've talked about how WoW players have an incredible investment in the avatars they create. Players spend months, years even, creating their avatars, collecting different weapons, armor, articles of clothing, and so on by playing the game. And, as shown in Chapter 6 with the character Justus, WoW players invest a lot of their real identities in the characters they create. For most of them, that avatar belongs to them; they made it and they invested significant resources in its creation. This is also true for users of the social network Second Life. They also identify with their avatars so strongly that users are living a “second life” through those avatars as well as the spaces they create. For WoW and Second Life users, their avatars are their virtual identities. So if these users want to share an image of their virtual selves with others, they should be able to do so, right?

Wrong. They can't share their virtual identities because (1) screen captures are considered “derivative works” and (2) because Blizzard owns World of Warcraft and Linden Labs owns Second Life. Blizzard had hundreds of artists, designers, and programmers create the armor, weapons, clothing, and mounts that players collect. As a result, they own the game and any derivative works that come from it. If a player wished, for example, to create a line of t-shirts and posters with her avatar on the front that she would sell through, say, Café Press, then Blizzard could sue for copyright infringement. And again, this makes sense from Blizzard's perspective, as the company provided all the artwork and software required to derive that particular avatar's configuration. But from the player's perspective, the avatar is her virtual self; it's who she is in that world. In the real world, she might wear Lee blue jeans to work every day; that doesn't mean she has to give Lee a cut of her salary or, to carry the analogy further, that Lee has the right to tell her she can't go to that particular job because she's wearing jeans they designed.

Ownership of purchasing identities

Beacon was an application that would tell other users on Facebook what products and services an individual was purchasing. The idea, presumably, was that knowing what videos your friends were renting, what movie tickets they were purchasing, and what video games they were buying would encourage you to make similar purchase decisions. However, the loss of control over the information being revealed about a user's Facebook identity infuriated large numbers of Facebook users who brought a class action lawsuit against Beacon, Blockbuster, Fandango, Overstock, Gamefly, Hotwire, and a small number of other companies who had partnered with Beacon to provide the service. In this case, the virtual identity wasn't an image or an avatar, it was the ability to control the story or picture of an individual that emerged through his or her purchasing decisions. The virtual identity in this case may be less tangible than an avatar, yet users’ need to own and control it is no less passionate.