WFH – Watched from Home: Office 365 and workplace surveillance creep
In the past few years, the pandemic and the shift to working from home have bolstered the use of remote surveillance software to monitor employees. In 2020, global demand for employee monitoring software increased 108 per cent by April and 70 per cent by May 2020 compared to pre-pandemic times. At the same time, search engine queries for "How to monitor employees working from home" increased by 1,705 per cent in April and 652 per cent in May 2020 compared to the previous year.
In the past few years, the pandemic and the shift to working from home have bolstered the use of remote surveillance software to monitor employees. In 2020, global demand for employee monitoring software increased 108 per cent by April and 70 per cent by May 2020 compared to pre-pandemic times. At the same time, search engine queries for “How to monitor employees working from home” increased by 1,705 per cent in April and 652 per cent in May 2020 compared to the previous year. Such highly intrusive solutions are immensely problematic, providing access to every keystroke, and mouse movement and sometimes offering features such as regular webcam access. But these invasive practices are not solely facilitated through the deployment of dedicated employee monitoring software.
Many so-called “productivity suites”, which have been available for years and that you may be familiar with, have also started to integrate discrete and invasive features that compete with the ones offered by bossware. Among such “productivity suites” is the well-known Microsoft 365 cloud-based productivity package, which offers a wide range of tools for real-time collaboration and communication.
What may be less well known about it is how it may be enabling your boss to see how you are spending your day while sitting in front of your company’s device. Through an investigation into Office 365, and thanks to research conducted by UCL computer science graduate Demetris Demetriades, Privacy International has exposed invasive and problematic features that the Suite offers, unbeknownst to most users.
Two of the most concerning features that Office 365 offers are the tools for information governance and risk management called Audit and Content Search. These can be used to present a detailed amount of information to administrators. By simply introducing the right queries administrators can gain access to reading people’s e-mails, documents and 1-1 messages on Teams and anywhere else actionable. The Audit feature, which is not enabled by default, provides the additional option to search for individual users over a chosen period and displays all imaginable activities conducted by the user in a list format down to deletion of e-mails and password changes.
On the employees’ side, little is available to assess whether your boss is using these features to spy on you or not. Indeed, Office 365 does not notify users when an administrator enables the above-mentioned ‘Audit’ feature or when dashboards are generated, and in no way discloses what features are active when an employee first joins Office 365. The opacity for employees is absolute.
The surveillance capabilities and privacy implications of its Productivity tools are not new to Microsoft. In 2020, they introduced a few changes to the Microsoft Productivity Score with better privacy practices in mind. But Privacy International believe there is more that the company should commit to in order to protect users from being spied on.
Read Privacy International’s recommendation and the full research here.
Visual credit: Privacy International
Contribution by: EDRi member Privacy International