News &

Why A Balanced Approach Of Response And Preparation Is Needed For Data Security

A recent study found that IT personnel recognize how proactive risk assessment steps can minimize damage from a systems breach. However, do they have the time? Learn more.

Checking For Skimmers: A Day-To-Day Security Task

Performing visual and physical security checks can help you spot credit card skimmers. Learn more about this identity theft risk.

Online Account Takeover Fraud Spiking: Are Unique And Strong Passwords The Answer?

Account takeover fraud is on the rise. Read ways to protect yourself from this form of identity theft.

The Double-Whammy Threat Of Ransomware: Not Always About The Money

Many threat actors now incorporate data exfiltration extortion into their ransomware attacks. Learn more about ransomware attacks and data breaches.

The Right And Wrong Way To Monitor Employee Internet Use

Apple recently announced that it will soon begin scanning messages on iPhones in the U.S. for known images of child sexual abuse.

Apple stated that the new tool, called "neuralMatch" allows it to detect child sexual abuse images without decrypting people's messages. Apple's messaging app uses machine learning to notify the company about possible illicit images without Apple employees being able to read messages.

If neuralMatch identifies a known image of child sexual abuse, an employee will review the image and then notify law enforcement if it is child sexual abuse.

Some researchers have voiced concern that the tool could be used by authoritarian governments to surveil citizens, particularly dissenters or protesters. In fact, governments and law enforcement have pressured Apple to allow for surveillance of encrypted data, requiring Apple to balance child safety with protecting user privacy.

A cryptography researcher at Johns Hopkins said he worries that the technology could be used to frame innocent people by sending them seemingly harmless images designed to trigger a match with known child sexual abuse images.

On the other hand, the president and CEO of the National Center for Missing and Exploited Children has called Apple's new tool "a game changer" with "lifesaving potential for children who are being enticed online."

Tech companies such as Microsoft, Google, and Facebook have been sharing "hash lists" of known child sexual abuse images for years. Apple also already scans user files stored in iCloud, which is less securely encrypted than iPhone messages, for child sexual abuse images. Barbara Ortutay and Frank Bajak "Apple to scan U.S. iPhones for images of child sexual abuse" (Aug. 06, 2021).


The controversy regarding the monitoring of iPhones is that it involves a device provider and private communications. Employers routinely monitor employee communications. Such monitoring is considered a best practice so long as it is not abused.

Employers have a fair amount of leeway when it comes to using technology to monitor employees’ activity. However, to avoid privacy violations, alienating employees, and high turnover rates, employers must use surveillance technology wisely and inform employees of all monitoring.

Notify employees upon hire of the types of monitoring technology you use and what they are designed to look for. Make sure employees understand the purpose behind the technology and how it relates to their privacy rights. Encourage employees to notify their supervisor if they have questions or concerns about any monitoring technology and protect those who report from retaliation.

In the case of monitoring for illegal activity, such as images of child sexual abuse, your organization is likely in the right. However, you should discuss all use of monitoring technology with your legal team to make sure it does not cause a privacy violation, especially if employees have raised concerns.

Finally, never use monitoring technology in a discriminatory or harassing manner. If you monitor what websites employees visit, you must do so for all employees, regardless of their protected class status. Never subject those who have reported wrongdoing to greater surveillance, which is illegal retaliation.

Finally, your opinion is important to us. Please complete the opinion survey: