With End-2-End Encryption, all of the data captured from employees’ computers will be encrypted instantly and decrypted only in the web browser of the account owner. When this feature is enabled, the data being uploaded is encrypted on the workstations before it is sent to the StaffCounter backend server, and it is decrypted only after it has arrived in the web browser, when the company manager reviews the reports. The StaffCounter agent app on workstations is responsible for generating encryption keys and exchanging them with the manager account. The StaffCounter E2EE encryption model does not require the backend to manage encryption material or perform encryption/decryption operations. All security operations are performed only on the ‘Ends’.
The End-2-End Encryption model in StaffCounter permits the backend server to perform computations on encrypted data. In this case, the computations are sorting and aggregation. As with any other time-tracking solution, StaffCounter records the frequency and duration of each application, document, and website opened by the employee, calculates the time spent on each item, and then sorts the results for reports. This allows visualizing employee productivity for better analysis. But now, the architecture of E2EE in StaffCounter protects the employee's name and productivity content from the StaffCounter server itself, since the content is always encrypted.
Example of Time Report with encrypted data:
In order to try the E2EE feature, you need to download the new StaffCounter Agent v. 9.2 for Windows with “End-2-End Encryption” support and follow the steps described below.
Visit the profile section and click “Enable Encryption”. Please note this option will not affect existing devices with the old version of StaffCounter Agent.
Click Backup Keys to download the backup file for your Master Encryption Key. This will allow you to access your data in offline mode and also restore access to your account in case you forget the password.
Download StaffCounter for Windows v.9.2 (beta) >
For Update – just reinstall StaffCounter over the existing version. For a fresh install – Install it and open StaffCounter in order to connect it to your account. Learn more about how to connect it.
When the device is added – it will start to upload only anonymous data about employee productivity in plain form, until you confirm the encryption for it, in the account profile, described in the next chapter.
After a successful update or installation of the new StaffCounter Agent application, you need to visit the Dashboard again. You should see the notice to Confirm new devices with encryption support. Follow the confirmation link.
On the Profile page – Encryption section – check the new device and click Confirm Encryption.
Done. Within an hour the confirmation will be received by the StaffCounter agent app on the computer and it will start collecting and encrypting all productivity data according to the settings.
You will not notice many changes in your Dashboard and reports even though all information is encrypted. This is possible because of the on-the-fly decryption process that runs right in the web browser, thanks to the Web Crypto API standard available in the majority of browsers such as Chrome, Firefox, Opera, Safari, and others. The specially developed JavaScript code works in the web browser and constantly decrypts all encrypted strings within the web page content returned by the StaffCounter service.
How does E2EE affect time tracking, productivity categorization, and productivity alert functionality?
Time tracking and productivity reports will work in the same way, but productivity rules need to be re-assigned.
In fact, the encrypted opaque data has the same structure as clear text data. For example, before encryption StaffCounter uses the string “winword.exe” or “gmail.com” to calculate the total time spent in the application and assign the productivity category.
After encryption is enabled, StaffCounter uses tokenized strings that look like “w6Wd4SSxgK9EqmHuR4EAWw==” or “UssM8UxGazi4kDxn5JDO4g==” to calculate the same total time or assign the productivity category. This is possible because a single encryption key is used to encrypt all data uploaded to the StaffCounter server by the computers of a given account/organization. So a specific application name, title, or URL address keeps the same tokenized text form within the data of a single account. The server processes encrypted data in the same way as clear text, but with the highest anonymization and privacy level.
Since the working folder of the StaffCounter program is visible to all users, if you do not enable encryption, then the logs and screenshots stored locally are available to all users. But after enabling encryption, they become unreadable. This will provide strong protection from insiders.
All reports generated to the account email will contain encrypted data. This allows the protection of confidentiality even after the data retention period in your organization.
In the Reports menu, Files and alerts, you can see mail reports in decrypted form.
StaffCounter allows downloading all data for a specific computer or department. This data includes a raw productivity log of user actions in chronological order and screenshots. With encryption enabled, this backup will be encrypted.
You can decrypt each file separately using the Open encrypted file command on the Files&alerts page.
On the next page, you will be able to save the decrypted file.
Managers with shared access cannot see decrypted data yet. All the information will be in unreadable form.
In order to read the information, the director (the account granting access) must provide his encryption keys to the manager (the account receiving access). In the director’s account, on the Profile page, you need to back up the keys to a text file.
On the Tools tab, execute the Backup keys command.
A JSON text file will be loaded. In this file, you will need to change the email address from the director’s address to the assistant manager’s address.
After that, the director must transfer this file to the manager. The manager, in his profile, also on the profile page, in the encryption section on the Tools tab, imports keys using the Restore keys command. The system will automatically log him out of the account. After re-entry, the director’s data will already be presented in decrypted form.
The E2EE functionality is open source and is contained in the jsec.js file available online on data.staffcounte.net. Encryption is based on the Web Crypto API available in the majority of web browsers and is executed only in the web browser's memory. The StaffCounter service helps to store and exchange Public Keys and opaque encrypted data between the user account owner and the computer with the StaffCounter Agent application.
StaffCounter End-2-End Encryption specification in brief:
- Each user account and each StaffCounter Agent installed on a computer generates its own RSA key pair with 2048-bit private and public keys.
- The user account owner generates a random AES 256-bit encryption key referred to as MasterKey.
- MasterKey is protected with the user account password by using a PBKDF/AES-256 intermediate key and stored in the StaffCounter service as an encrypted blob.
- The user account encrypts MasterKey with RSA-SHA1 and sends it to computers by using the StaffCounter service as an encrypted blob.
- StaffCounter Agent encrypts sensitive information in productivity data with AES-256 bit MasterKey: application name, window title, URL address, keystrokes, clipboard, chat text, document name, screenshots, camera shots, and voice data. Meta-data such as the type of action, time, and duration are stored in clear form.
- PBKDF key derivation is used to protect the user account password and generate intermediate encryption keys.
- The user account password is never transferred to the StaffCounter server in clear form.
- Once enabled, data encryption cannot be disabled in the StaffCounter account and Agent applications.
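The key hierarchy in the list above, as an added Web Crypto example that is not StaffCounter's jsec.js. The page does not give the parameters, so PBKDF2-SHA-256 at 600000 iterations, AES-GCM for the password-protected blob, RSA-OAEP with SHA-1 as the reading of "RSA-SHA1", and all function names are assumptions.

```javascript
// Added example, not StaffCounter's jsec.js. Assumed parameters (the page does not give them):
// PBKDF2-SHA-256 at 600000 iterations, AES-GCM for the password blob, RSA-OAEP/SHA-1 for "RSA-SHA1".
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const RSA = { name: 'RSA-OAEP', modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-1' };
const MASTER = { name: 'AES-CBC', length: 256 }; // algorithm tag for the AES-256 MasterKey (assumed)
const USES = ['encrypt', 'decrypt'];

// Derive the intermediate AES-256 key from the account password.
async function deriveIntermediateKey(password, salt) {
  const base = await wc.subtle.importKey('raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey({ name: 'PBKDF2', salt, iterations: 600000, hash: 'SHA-256' }, base,
    { name: 'AES-GCM', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}

// Account owner: create MasterKey, protect it with the password, wrap it for one agent.
async function provision(password, agentPublicKey) {
  const masterKey = await wc.subtle.generateKey(MASTER, true, USES);
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const kek = await deriveIntermediateKey(password, salt);
  const passwordBlob = await wc.subtle.wrapKey('raw', masterKey, kek, { name: 'AES-GCM', iv });
  const agentBlob = await wc.subtle.wrapKey('raw', masterKey, agentPublicKey, { name: 'RSA-OAEP' });
  return { masterKey, stored: { salt, iv, passwordBlob }, agentBlob }; // the service holds only the blobs
}

// Agent: recover MasterKey with its RSA private key.
const agentUnwrap = (blob, privateKey) =>
  wc.subtle.unwrapKey('raw', blob, privateKey, { name: 'RSA-OAEP' }, MASTER, true, USES);

// Owner at next login: recover MasterKey from the stored blob using the password.
async function ownerUnwrap(password, { salt, iv, passwordBlob }) {
  const kek = await deriveIntermediateKey(password, salt);
  return wc.subtle.unwrapKey('raw', passwordBlob, kek, { name: 'AES-GCM', iv }, MASTER, true, USES);
}

async function demo() {
  const agent = await wc.subtle.generateKey(RSA, false, ['wrapKey', 'unwrapKey']);
  const p = await provision('constructed-sample-password', agent.publicKey);
  const raw = async (k) => new Uint8Array(await wc.subtle.exportKey('raw', k)).join(',');
  const want = await raw(p.masterKey);
  return {
    agentMatches: (await raw(await agentUnwrap(p.agentBlob, agent.privateKey))) === want,
    ownerMatches: (await raw(await ownerUnwrap('constructed-sample-password', p.stored))) === want,
    wrongPasswordRejected: await ownerUnwrap('wrong', p.stored).then(() => false, () => true),
    agentBlobBytes: p.agentBlob.byteLength,
  };
}
```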
The StaffCounter service does not perform crypto operations and stores only public keys or opaque encrypted data. We are continuing to work on improvements that will allow user account owners to store MasterKey and the respective RSA SecretKeys only in the browser memory of the trusted computer. Currently, we are working on the SafeJKA plugin for web browsers that will implement strong authentication and the encryption ownership principle.
Unlike alternative solutions, StaffCounter additionally encrypts data on top of SSL/TLS transmission. Decryption happens only in the dashboard or dedicated productivity report pages when the account owner is authenticated. This process works in addition to standard SSL encryption.
Other time-tracking services also encrypt screenshots and data before sending them to the server, but the server automatically decrypts them in order to store them in a database. StaffCounter saves and processes data in encrypted form because all data is encrypted with end-to-end encryption. This is a key differentiator. When end-to-end encryption is enabled, the StaffCounter backend server does not have access to your data in plain form. Only the account owner who knows the password will be able to see plain data.