[sam0x17]

Regardless of whatever wording you have included in your employment agreements, your statements on the matter indicate that you are surveilling your employees without their knowledge. Your public comment to that effect could actually be used in court to throw out whatever wording you have in your agreement, as your statement nullifies the assumption that your employees have read the agreement (you don't believe any of them have, and you believe the wording that is there is vague enough that they are unware of any actual surveillance -- this is damning as it is exactly what a prosecutor would have to prove in this case, and you have openly admitted it). Don't worry I already archived the original thread and included it in my report to the FBI.

When your employees bring a WFH device into their home, and your spyware collects metadata on their keystrokes, you are in violation of federal wiretapping law as you are collecting metadata from within their private home network and exfiltrating it through connections not initiated by the employee and without their consent or notification.

By law you must indicate to your employees that you collect metadata on their keystrokes (under privacy laws, this is still just private information in aggregate). Every time one of your employees enters private information or logs into their bank on their WFH device, and you log your metadata on these keypresses, you are committing another felony. Even the DoD has to provide a warning every time you log into a DoD system describing the surveillance being used on the device.

Depending on your employees' locations, this may also be a GDPR violation.

There are also numerous export control laws governing surveillance software that you may or may not be in violation of depending on your location. This is why obtaining this kind of software is difficult, especially in the EU.

People like you should be afraid, not your employees.