Executive

…33

The laptop on her desk was powering up. Alex impatiently waited for it, so she could get a few things checked before ending her day. Her first week at NanoLance had been quite intensive, with back-to-back meetings with executives, department leaders, program and project managers, and other people she had identified as potentially valuable to meet. Using the cover provided by a somewhat formal on-boarding plan, she was able to meet with almost everyone of interest at this early stage. The only team she was yet to meet was the manufacturing team at the Alpine plant. She was carefully delaying that, waiting for the meeting with her boss to take place first, rather than surprise him with her visit at the plant.

A chime advised her that the laptop was ready. She started digging through system folders and registries, looking for any indication of spy programs or keystroke loggers. Of course, she thought, there you are. I was expecting nothing less. A software-based keystroke logger was installed on her machine, configured to save in a particular place on the hard disk every single keystroke she typed. This was the perfect surveillance tool for the person who wanted to know everything she did in a day.

With more digging, she was able to locate another spyware program, this one configured to capture screenshots of her work at fixed intervals. The third component to the perfect electronic surveillance was the browser log, a small piece of software that would record all the websites she visited and the time spent on each one.

Alex paused, considering her options. She could install a personal firewall. They'd find that in no time, she thought, dismissing the idea. She could uninstall all these pieces of spyware, but they'd also figure that one out pretty fast. She could change the registry settings on her laptop, so that the spyware programs would never start, but they would be on to her immediately, as soon as they got no input from these programs.

She closed the laptop, pulled the power cord from the wall plug, and stuffed everything in her laptop carrying case. She knew exactly what she needed to do.

Almost two hours later, she was ringing the doorbell at Tom's house, laptop bag in one hand, bottle of Martini in the other. She smiled, remembering how stressed she had been on her first visit. Now it felt more like coming home.

Tom opened the door, his eyes directly on the laptop bag.

"How are you, sweetie? How was your day?"

Sweetie? Tom had never called her that. She gazed at him in surprise. His eyes remained on the bag.

"Let me take that from you, come right in. Dinner's almost ready." He stepped quietly in the house, Alex following.

"Where's your smart phone?" Tom asked. "You know how we hate being interrupted over dinner. Please turn that thing off."

She reached inside her pocket and gave Tom her NanoLance issued phone. She was starting to understand.

Tom took the phone, put it in the laptop bag, and shoved everything inside a gun safe he kept in the garage, and then closed the door.

Coming back into the living room, followed closely, as usual, by Little Tom, he turned to Alex and said, "Now we can talk. We're having stuffed portabella mushrooms for dinner. Sound good?"

"Yes," Alex replied cheerfully.

"Great, one more mushroom going on the grill." Tom headed for the kitchen, followed by his human and feline companions.

"Tom, how did you know it was the laptop I was coming to see you about?"

"I didn't. I was being cautious, in case there's a bug planted in your equipment somewhere. Why, what's wrong with it?"

"You mean a voice recording bug? I didn't think of that," Alex said and frowned, "but I guess it's just as likely. What I found was spyware, and lots of it."

"Spyware?"

"Little programs installed on the computer, with the sole purpose to record everything I do, every website I visit, every email I write. Even if I work in Word or Excel, they'd still be able to capture every bit of what I am doing."

"Oh, I see." Tom looked preoccupied, almost worried. "Is this common practice?"

"For some companies, it can be. Nothing is private anymore, not at work anyway."

"So you don't believe they're on to you?"

"I would tend to say no, but that's a bigger discussion. Please let me finish with email and computer spyware first."

"Sure." Tom headed out of the kitchen with a Martini for her and a glass of wine for himself. He set both glasses on the coffee table. "I'm all ears."

"Back in the early days of email at work, employees had expectations of privacy regarding the use of company email for personal communication. That's long gone. Technically, the emails are being sent and received on company hardware situated on company property, so the entire email content and activity belongs to the employer — no privacy rights whatsoever. As technology progressed, more advanced systems allowed the recording of all email traffic from a particular server, practically copying each email message going out or coming in. This is, for many companies today, the standard. Smaller, or less-circumspect companies employ a more relaxed policy, screening and copying email traffic only if it contains specific keywords, attachments, or by using other criteria to select messages of interest to them. Questions so far?"

"No, keep going, this is very interesting," Tom replied.

"This technology takes care of all email activity an employee conducts on her business computer. How about everything else? Companies that are extremely sensitive about their activities, or extremely suspicious about their employees, engage the use of keystroke loggers. These are software applications that record every keystroke, allowing those who supervise to reconstruct in detail all of the employee's activity on that particular machine, regardless of software or application used. I could be working five minutes on a Word document, then switch to building a spreadsheet, then enter data in the accounting system — they would know it all, step by step."

"I see," Tom frowned. "Is this typical?"

"Not really, not for everyone anyway. With a company like NanoLance, you would expect to have keystroke loggers in place, due to the sensitive nature of their business. I would also assume that they only audit usage randomly or on complaint."

"On complaint?"

"Having someone read through every employee's keystrokes every day would be unfeasible, due to the sheer volume of work. Some employers assign a couple of data security employees to do random audits — pick someone different every day and go through a couple of days' worth of keystrokes. If they don't find anything out of the ordinary, the employee never hears about it and has no reason to suspect he is being audited. That's the random model. Another one is to search for particular keywords in all activity, just like the NSA searches for particular keywords in all communication, keywords such as 'bomb,' 'terrorist,' and others just like these, as part of the counter-terrorism effort. Makes sense. For companies with specific concerns in data security, it works best to install a keyword analyzer on top of the keystroke logger, to reduce the amount of work required to perform audits and surveillance on employees' computers." Alex paused to take a sip of Martini from her sweaty glass.

"What would be such an example?" Tom asked, using her pause as an opportunity to interject.

"Of using keyword analyzers in a corporate environment?"

Tom nodded.

"Oh, quite simple. Let's say your company is looking at patenting this new solution to reduce cost in the manufacturing of plastic bottles. It could mean millions for the company — the competitive edge needed to secure the company's future. In this case, you'd want to know if any employee discusses, writes specifications, or in any other way looks to steal your intellectual property and sell it. This employee would probably take notes, copy documents and data, or even write email messages containing keywords, such as 'manufacturing,' 'cost reduction,' 'process,' 'redesign,' and so on."

"But wouldn't all employees' work be riddled with such keywords? After all, it's their line of business to produce plastic bottles, right?"

"Correct. That's why the keyword analyzer doesn't work automatically or on its own. It just flags particular documents for review, documents that are then reviewed by a human and categorized as legitimate or suspicious. Keyword density also has something to do with it."

"What do you mean by that?"

"Keyword density is a measure of how many of the red-flag keywords are encountered in the same document. To your point, most documents on the majority of employees' computers would contain the words 'plastic,' or 'bottle,' or 'manufacturing,' or 'cost reduction,' because that's what they do. However, a document that contains more than one keyword, or all of them, is by far more likely to reflect suspicious activity. Therefore, keyword density is measured and used as a trigger of red flags, prioritizing suspicious documents for review by size of risk. This is auditing on complaint, or following the red flagging of a specific user account."

"I see."

"Finally, there is another category of such spyware — applications that monitor, in detail, Internet browsing. They capture each page visited and how much time was spent on it, even the links that are clicked, which allows the employer to draw conclusions as to employees' interests. This is also something that would be monitored randomly or on complaint. If, for example, the employee is seen by a supervisor as being constantly on the Internet or on Facebook instead of working, the supervisor usually has the authority to request an Internet usage report for that employee."

"What happens next with the employee? What's acceptable in terms of Internet usage at work?"

"That largely depends on company policy. Some companies restrict it to absolutely zero. You went online for five minutes; that is grounds for termination. Others allow unlimited usage during breaks. Others simply look the other way — but these wouldn't install browsing monitoring software. However, fewer companies are open about employees' use of the Internet during business hours."

"This has been informative, I appreciate it. You possess a wealth of knowledge that will benefit us all." Tom stood up and headed for the grill. "Let's see if the portabellas are done." He grabbed a large plate from the table. "How does it all relate to your laptop?"

"Well, I was definitely expecting to find a keystroke logger, considering that I am working for a company such as NanoLance. It makes sense for the business to be cautious, because it works with innovative technologies. The employees do a lot of research and development for the government, so there are lots of valid reasons. What I did not expect to find was a full array of monitoring and surveillance applications — all of them installed on my laptop, including a screenshot capture application. It captures my screen every ten minutes, saves the image, and indexes it against the keystroke logger. It's a very sophisticated monitoring application package."

"I see. So you'd have to be extra careful with the work you're doing on that laptop, including the volume of work itself."

"True, but that's not all. I need to be able to log into the main email server to look around, I need to be able to use my laptop without restrictions while I'm there, so that I can figure out what's going on. Plus, the thought of a voice bug never crossed my mind." Her voice trailed off on a saddened tone.

"Voice and video, perhaps," Tom added. "Let's not forget video."

"So, what do we do? We can't just remove everything and wipe it clean — they'll be on to me in no time."

"True. First, we look at everything — the laptop, the bag, and the phone, to find out if they are bugged already. But even if the equipment is not bugged now, you shouldn't assume it would stay like that forever. They might put one in, without notice or cause, at any given time. So you have to be careful."

"Buy a gun safe for my garage?" Alex chuckled.

"That could work. Or you could just leave it in the garage, somewhere. Or in a closet in your basement. Or, even better, leave the entire thing in your car. It's more natural, fits typical human behavior, and that shouldn't raise any red flags."

"That's what I'll do, great idea."

"I can't think of a good solution for your laptop, though. Any ideas that might work?"

"I thought of something, but it's complicated and somewhat risky."

"OK, let's hear it."

"Clone it. Clone both of them — laptop and phone."

"Clone? How?"

"Buy absolute replicas of both pieces of equipment — same makes, models, and configurations. Install the same applications, with the same user account and registrations, including the spyware."

"Why the spyware?"

"In case someone grabs a hold of the clone, they could see in fifteen seconds that it's not the same machine. But if they see a clone of their own spyware on it, they'd be absolutely convinced it's theirs. This cloned spyware would not transmit anything to anyone, though."

"I think it's brilliant!" Tom clapped his hands. "Why is it risky?"

"I would have to carry both of them and swap, when needed. All offices and conference rooms at that company have glass walls. Someone might see me swap."

"Somehow I'm not that worried about that. If you remember that the official one could potentially have audio and video bugs on it, you should be fine. Just be careful."

"I will." Or at least I hope I will, Alex thought. "I am starting to feel paranoid."

"Think of it this way: on a battlefield, in a war zone, paranoia is your best friend, it keeps you alive."

She sighed, letting a faint frown settle on her face.

Tom caught that glimpse of concern, but quietly turned away and started serving dinner.

They sat at the table, plates in front of them filled with steaming portabellas, covered with molten Swiss cheese. Claire joined them, happily sharing her satisfaction with her work results in the rose garden.

"What else is on your mind, Alex?"

"My boss. He is weird. He hates me."

"Are you sure? He has no reason to," Claire chimed in.

"Oh, he said so himself. His contempt for me, and people like me, was almost the only subject for the half hour we spent together so far."

"People like you?" Tom asked, intrigued.

"Yeah. Not too smart, young, aggressive hot shots who come and go. And that's a quote from Sheppard."

"I see. Then I think he's not really that smart himself, is he?" Tom offered, and everyone smiled.

"He might not be, but I am meeting with him tomorrow for an hour to discuss my goals, and I am dreading it." Alex paused, her frown becoming more visible. "Please, keep your fingers crossed."