Years ago I was hanging out with my boss in his office and I noticed his phone was different from the cubicle variety. One of the differences he pointed out to me was that he was able to listen in to any call made by his employees. He claimed not to do this as this was a rabbit hole he chose not to follow and did not know of anyone who did. It was simply a feature on the phone (I believed him because, hey, why tell me about it?). At the time I was shocked, and thought surely this was highly illegal. It turns out not to be illegal at all (although some states may throw a wrench or two into the process). I would not assume that “remote viewing” is illegal without a cite.
As to whether it is possible, it would be foolish for anyone here to rule it out given that they could have physical possession of the laptop. Hell, they may even be watching you through the laptop’s camera.
The one thing in your favor is that any company that allows you to plug your own machine into their network does not have the sharpest knives in the IT drawer working for them, so maybe they don’t know how to remotely view you. I would be wary of doing business with a company that allows you to plug your own computer into the network. It might have been acceptable five years ago, but not now.
I had not read this before posting above. Five years ago I was able to do much the same thing. I used my home computer to log on using a vpn. The IT department determined that this left far too many holes and instituted a system whereby only company owned (and controlled) devices could be used. This makes sense to me and I assumed that the industry was moving in that direction. If si blakely is correct, I was mistaken. Perhaps I am not the sharpest knife in the drawer.
I have heard of this, it is just beginning to be popular in my company, but I haven’t heard of anyone allowing a private computer to connect to a company network. I thought BYOT applies only to email and phones, not computers. It certainly seems to be a giant security hole. Even if one does limit it to computers that are scanned by a company anti-virus. This could be much more popular than I know, but I haven’t heard of it.
IMHO BYOD is about one of the most stupid ideas being pushed at the moment. For a view that gets an IT support opinion, this is a good start. (PFY == Pimply Faced Youth aka, assistant IT geek)
You seem to be saying that there’s no practical or legal difference between packet sniffing and unauthorized remote access to a machine. Even assuming that a company is in the right to passively inspect all traffic on its network, this isn’t the same thing as breaking into a machine connected to it and actively surveilling everything the user is doing, regardless of whether the user’s activity generates network traffic.
To give an analogy, the OP probably has implicit permission from the company to park his car on their lot. The company is free to install a security camera on the lot which monitors the coming and going of cars, including the OP’s. However, no jurisdiction on the planet would permit the company to secretly break into all those cars and install their own cameras in them (or activate and record from any existing cameras the owners may already have installed).
I think Psychonaut’s point was that certain activities, performed locally on even a networked machine, are not visible in the form of packets traversing the network, but would be visible to someone remotely viewing the screen.
If the user is playing a standalone game, for example. Visible on the screen, invisible in terms of network traffic, thus, screen viewing may be regarded as more intrusive than packet sniffing.
Of course that depends on the jurisdiction and possibly also on the details of the case, neither of which the OP has provided.
In Germany, an employer’s monitoring of an employee’s personal computer (but not of one furnished by the employer) would be a breach of the Telemediengesetz. (Until very recently it was also illegal for German employers to monitor computers furnished to their employees for both business and personal use.)
BYOD is becoming more and more popular. In the same way that cash allowances often replace company cars, some employers (not mine, sadly, which is why I don’t BMOD) offer a one-off payment for staff to buy their own laptop / phone etc, thus freeing IT from having to support it.
The way we do BYOD where I work (which is a telecoms firm in the UK) is that you can use your own laptop to connect to the network, but you have to install a thin-client application (Citrix, I think). All access to business systems and the network is via the thin client; essentially, your laptop becomes a dumb terminal, used to view a remote desktop. There’s no way (as far as I know) for anything stored locally on the laptop to interact with the remote systems, and you can’t save anything locally - all storage is on the central servers. This means that you could connect the most virus-riddled PC, and it wouldn’t matter, and no-one can steal data because you can’t get it off the central servers. In an age of cheap USB storage, this is arguably MORE secure.
What I meant is that I don’t think there’s a legal difference – based on my very light research of US policies – between packet sniffing and remote monitoring, assuming it’s company equipment. The US has very weak privacy, employee, and consumer protections compared to the E.U… Our laws tend to favor the corporations. But even here, the way that’s usually done is through some “security agent” that they pre-install or ask you to install on your own computer, or perhaps hidden in the fine print of the generic security software. They don’t just break in and secretly install it.
If they have to hack in to your computer to install it, that’s altogether different and illegal under various computer crimes laws. Not because they’re remote monitoring, but because they’re hacking.
As far as I can tell, there’s nothing illegal about remote monitoring your employees without hacking.* I could be wrong, but that’s what the few sources I’ve read said. In the parking analogy, in this case they wouldn’t break into your car, but they’d have a few secret cameras that they don’t tell you about in addition to the big ones you can see on light posts.
*But apparently US gov employees get more protection, because they’re bound by the Constitution more than private employers are.