My employer is spying on me

Espionage in the Workplace - Is It Allowed?

Arne Arnold

Briefly check private emails at work or take a look at Facebook: Is that even allowed? And can the boss monitor my PC work? We provide answers to technical and legal questions about workplace PCs.

EnlargeWhat can the boss do?
© © Kurhan - AdobeStock

You have just completed a task at work. For many, this is a good time to quickly reserve cinema tickets for the evening online or to check news about the current sports event. Ideally, there is a good, trusting relationship between employer and employee. There is also an exact agreement about the private use of the company computer, which is available in writing in a company agreement. In fact, such ideal cases are rather rare. That is why we would like to shed light on the topic of private PC use in the workplace and employee monitoring in this article. We clarify the most important legal questions in the box below. We get to the bottom of the technical possibilities here.

Which PC monitoring is purely technically possible?

There is a large number of monitoring programs for the workstation PC. This is because extensive monitoring of workers is completely legal in the USA, for example. The programs are called Time Doctor , Vericlock or Activtrak . You can find an overview of ten of these tools here. Here are a few examples of what these PC monitoring tools can do:

They take screenshots at regular intervals. In addition to a time trigger for screenshots, the start of certain programs or the opening of certain websites also act as a trigger for screenshots. This applies to the launch of chat tools or calling up social media, for example. The monitoring tools create logs of the websites visited and note how long the user lingers on each page. They monitor the input in search engines as well as changes to the folder structure. You create logs about the usage time of the programs called. You check the content of connected USB sticks. You search for keywords in mails and then trigger a message. They save all keystrokes and a lot more.

Reading tip:Cell phone ban in the workplace - is that legal?

Which PC monitoring is actually allowed?

Such extensive monitoring as described above is generally not permitted as permanent monitoring in Germany. This was confirmed, among other things, by a ruling by the Federal Labor Court in July 2017. The negotiated case concerned the monitoring of an employee with the help of a keylogger, about the use of which he was not informed beforehand (file number 2 AZR 681/16). Only in individual cases, if there are sufficient reasons, can close monitoring be legal for a limited time. Partial computer monitoring of individual or all employees is possible if this has been agreed with the employees in advance and the works council has given its approval. It should not be a secret which regular PC monitoring takes place in your company. If you are not yet aware of any PC monitoring measures, please ask again if in doubt. You may have agreed to surveillance when you signed your employment contract and works agreement.

Uncover surveillance: what is technically possible?

EnlargeIn some countries, such as many states in the USA, complete monitoring of the PC is legal. The range of monitoring tools for Windows is correspondingly large.

You have determined that there is officially no PC surveillance in your company. Still, you believe that the administrator, the boss, or both are spying on you. Can you technically expose the surveillance? The answer depends on which monitoring programs are being used.

Professional tools can hardly be discovered

EnlargeMost antivirus programs report an active PC monitoring tool. Of course, this does not apply to the antivirus program that is already installed. It contains an exception rule for the spy software.

If your boss uses a professional monitoring tool, it is very likely that your Windows user account does not have administrator rights. In this case, you have little chance of discovering the surveillance. Among other things, the tools deactivate the Windows task manager or can mask your process so that it does not appear in the task manager. However, everyone makes mistakes. Perhaps the professional monitoring tool is not configured correctly and you can discover its task or its program and file folder. Use the file manager to search for the folder. You can search for the task using the Windows Task Manager or the Process Explorer tool. If you are allowed to install software on your PC, it is worth using anti-virus software that reports at least some monitoring tools. You can use the full version Eset Internet Security or the free Kaspersky Free.

Working time control tricking logging into the server

The control of working hours, for example via a log on the server, is not only legally possible, but will also be mandatory for employers in the future (see information in the box). If your employer logs the PC time on the server, then he has to make this known. If you fear that the server could secretly record your PC time, you can trick the system quite easily: let your PC start automatically in the morning and shut down in the evening. You can do this with Sleep Timer Ultimate, for example. You can find detailed instructions for the tool here. Warning: Do not use this trick with the intention of damaging your company and faking more hours than you actually do. A warning or even termination could be the result.

Own picture on the net - What am I allowed to do? What are my rights and obligations?

Surfing the Internet: Monitoring on the server

EnlargeA website's certificate identifies it as genuine and enables the browser to start SSL / TLS encryption. This is the certificate key from

Even the Fritzbox can use a few tricks to record the data traffic of individual PCs with the Internet. The gateways in companies can usually do the same. You not only succeed in reading the unencrypted data traffic, but you can also break encrypted connections and read their entire content. This option can be found in the company gateways under menu items such as SSL inspection, HTTPS inspection or SSL interception.

You cannot determine whether the unencrypted traffic is being logged. But if you fear your company is using SSL decryption, in many cases it is easy to detect. To do this, look at the certificate of an encrypted website. You do this once on the workstation PC and once on a private device. If the certificates on the website differ, your company has put its own certificate on you. This is what the gateway needs to break the SSL connection.