alt Hacker NewsThis is something that genuinely runs the gamut across different companies—plenty don't even know the serial numbers of company-owned machines, never mind which devices individuals have, while others do effectively have live feeds of every employee's screen available to managers at all times. In between you have many businesses that manage their devices but only insofar as to enforce some basic protection and reserve the right to investigate it in the case that something does go wrong. In having conversations about this kind of stuff with company leaders, many will strongly reject any of the most invasive tracking stuff, believe it or not.
I do agree, though, that for any type of surveillance, the rise of AI presents a really problematic opportunity to allow more targeted observation, since nobody has to spend their own time looking for what people are doing, they can ask an AI to keep tabs and look out for the things they care about.
On that note, I think one of the more realistic risks for an everyday person doing personal things on a work machine is probably insider threat from a rogue IT admin, whose access allows them insight into company devices without enough oversight.
Replies
Yeah, many companies don't want the liability issues. Like what happens if I open my bank account on my work computer? You could argue I can expect someone to be watching but I have no warning that someone is? Here in the EU that would probably be an easy lawsuit.
Isn't Facebook training their AIs on their finest engineer's computer use so the AIs can become better computer users?
In this case, the more insidious yet subtle risk and attack vector for humans using these Facebook computers, is that Facebook begins to use this data to discriminate (legally) on performance metrics. They can then use these to automatically disseminate performance improvement plans, lead to higher productivity (perceived, as whats measured no longer ends up being a useful metric) and control and urge people to do more of what they desire.
And my curiosity is: does what Facebook desire align with what the humans who work for Facebook desire? I think with AI, that's a no. The company desires as low a labor/workforce/compensation cost as possible, while the humans desire as much compensation as possible.
I think IT departments also tend to underestimate the risk they pose when they manage machines. Look at Stryker, where intruders used Intune to wipe all the company's devices. The ability to do that shouldn't exist, but the IT department happily rolled out the means of their own destruction in the name of compliance and making their lives easier.