my boss wrote a poem about us but left people out, I doubt my boss’s nephew is really a genius, and more

It’s four answers to four questions. Here we go…

1. My new boss wrote a poem about our team … but only some of us

My company has an annual team-building outing, which is traditionally the occasion for higher management to express their gratitude to the employees. At least, that was what I was picking up from the trip, as I’ve only started working here recently.

One of the gestures my grandboss made to express her thankfulness for us was to write a poem about our hard work. The thing is, she manages two teams— let’s call them team A and B — and her poem was only about team A.

I’m on team B. To be fair to her, my team was part of team A until pretty recently, and we are comprised mostly of newbies, my boss included. Because of the nature of our work, we do not interact with our grandboss as much as team A. Still, it’s hard not to feel slighted when her poem listed out the names of every single member in team A, and not once mentioned the people in team B. All her other gestures addressed her employees as a whole, but the poem made me wonder if she only intended her praises and encouragement for team A.

She’s been a stellar supervisor otherwise, and neither of my teammates nor my boss seem to be bothered by the, in my opinion, preferential treatment. Should I just let it go?

I feel like it’s something important to bring up though, mostly because it reflects poorly on her as a manager. How do I bring this issue up delicately? Should I speak to her privately or should I give my feedback during the annual manager review? Or again, is it this worth making a big deal at all?

Let it go. It’s true that big public expressions of appreciation shouldn’t favor only some of the people a manager manages (unless it was specific to a project they did or something like that). But I can see this happening if she knows Team A well and has worked with them a long time, and those things aren’t true yet of Team B. It still wasn’t very graceful, but it’s not a big enough deal to raise with her; if you do, you risk looking a little precious, especially as a new employee.

You say she’s been a great manager otherwise, and that’s more important.

2. Employer is requiring us to install software on our personal computers

I am a doctoral student at a major U.S. university. Everyone in my grad program is employed by the university in some capacity: some of us teach classes; others are hired as researchers. However, this doesn’t function like a normal workplace in many ways, including that there are no work computers provided. This is a huge expense for people, and unfortunately it’s very common in academia.

The other day, we received an email from IT that all university devices will be required to have a particular antivirus software installed on them. I thought, no problem, I don’t have a university device. But then I read the fine print and realized their definition of “university device” covers any personal device used for university business — which includes all of our personal computers.

Apparently if we don’t comply by a certain date, our devices will be locked out of the campus wifi and other essential campus IT infrastructure. The justification given is that other devices in a network could be compromised if one insecure device is hacked. That may be true! But the particular software (there are no alternative options) brags of its AI virus detection, and apparently, if the AI erroneously blocks a legitimate program we’re trying to download, we can contact IT to have it unblocked within 48 hours. (48 hours???) It also says that the software does not share personal data … except in cases where “adverse events” are detected, and they are extremely vague about what would constitute an adverse event.

I am deeply uncomfortable with this. As a matter of principle, I’m grossed out by the lack of ethical oversight of AI and would like to opt out as much as I can. More to the point, this is my personal computer! I use it for, well, very personal things that I really don’t want my employer to see (outside of work time, of course!) The university has not given me reason to trust their judgment in the past, and I don’t trust that this software will keep my data private. I also have my own risk tolerance for downloading open-source software from the internet, and I don’t relish having to go through IT to get downloads unblocked, especially if they have nothing to do with work.

Do I have any options? Obviously, this is what work computers are for, but there’s no funding for them and I can’t afford to buy a second laptop. (Nor can most of my peers! People are already using absolutely ancient laptops because they couldn’t afford new ones in the first place.) We do have a union, which I am active in, and there’s a possibility that we could push back collectively on this, but the timeline for getting it resolved is likely to exceed the time they’ve given us to comply with this order.

Also, nobody else seems to be upset. Did they just not read the email? Am I wildly overreacting? Maybe this is just a necessary change to the technology … but I feel very trapped.

You’re not overreacting; this is a massive overreach with significant privacy implications for your personal devices. It would be different if these were work-provided computers, but they’re not. And I suspect the reason no one else is upset is because they didn’t pay much attention to the email or haven’t thought through all the implications.

Legally, you don’t have much to stand on. Employers can require you to use your personal devices, and they can require you to install all sorts of invasive programs when you do. But you potentially have power in numbers, if enough of you push back on this. Talk to your union, and talk to your colleagues. Spell out exactly what they’re agreeing to if they install this software. (And why is it not an option to simply agree to install anti-virus software on your device that you select and control? That’s what I’d push for.)

3. I doubt my boss’s nephew is really a genius

My boss has hired her nephew to work part-time in our department. He’s 18 years old, fresh out of high school and I believe this is his first job (we do accounts receivable for a 2,500-person company). There are two supervisors in our department, me and another person. My boss made her nephew my direct report (without even discussing it with me!) and he is my only direct report; the other supervisor has no direct reports at all.

My issue with is probably not a big deal, but I’m still annoyed. At least once a week my boss refers to her nephew as a genius (“Genius Nephew has come up with a more efficient way to do X!” or “Nephew had a genius idea about Y!”) and it really annoys me; sure he’s smart enough I guess, but I doubt he’s actually a genius.

I am very hesitant to bring it up to my boss herself because when I’ve brought up other issues regarding the nephew in the past, she has justified his behavior even though one example of what he did (pushing off his research onto another department) is something she has expressly told the rest of us that we are not to do.

With some recent reorganizations, my boss has a new boss and honestly I would love to bring this up with him and hopefully he would see this situation as problematic and then we could hire someone other than my boss’s nephew, who would be able to work full-time AND not be the boss’s nephew OR my direct report.

Should I even bother to bring this up with my grandboss or should I just internally roll my eyes and let it go?

The issue is less that your boss thinks her nephew is a genius and more that she hired her nephew to work under you, which puts you in an impossible situation as far as managing him goes. The genius stuff is a subset of that larger problem; it shows a bias in his favor that’s probably connected to their familiar relationship, but even if she weren’t so effusive about his incredible brain, hiring him into her chain of command would still be a problem.

So yes, talk to your boss’s new boss! He may not even realize that your boss hired her own nephew and stuck you with managing him, so lay out the situation for him and whatever problems you’ve seen so far.

4. Hot desking and when to clock in

I recently started working at a place with a hot desk, and clean desk, policy. At the end of the day, we put our laptop, notebooks, etc. in our individual lockers, and at the beginning of the day we take our things out of our lockers and set them up at our usually-new desks. I have no issues with this: we only have to be in the office two days a week, and get to work from home the other three days, so this like a perfectly fair compromise to me.

My question is: should the time I spend setting up my things when I arrive, and putting away my things when I leave, be counted as working time? We use timesheets to clock in and out every day.

In past jobs I’ve counted my clock-in time as being when I’m logged in and online, but that’s in jobs where I’m always at the same desk so am not required to set up every day. It doesn’t take that long (probably five minutes on either end), but I’d still like a definitive answer. Thoughts?

It should be paid time. Federal law requires you to be paid for activities before and after your work shift if they are “an integral and indispensable part of the principal activities” for which you’re employed. An activity is integral and indispensable if it is “one with which the employee cannot dispense if they are to perform their principal activities.” You need to set up your work station in order to perform your job, and you are required to put things away when you leave, so doing that should be paid time.

{ 27 comments… read them below or add one }

  1. Daria grace*

    #1 personally I would have been glad to not be name checked in an awkward poem.

    #2 if they really did care about compromised devices compromising other parts of the network they would provide properly locked down work computers. With or without sketchy anti-virus software there is always going to be huge risks inherent in a bring your own device policy, especially when many people are using older devices. They don’t get to compromise your personal device because they aren’t willing to spend the money it takes to set up proper secure IT arrangements.

    Also inclined to side eye this as I’m assuming undergrad students are connecting their own devices to the network all the time and don’t have this software (or often any anti-virus at all)

    Reply
  2. nnn*

    #2: As an interim approach, if you find yourself stuck with no choice but to install their software, is it possible to create multiple accounts on your computer and only run the software in one account, which you use to connect to the campus network? Or disable the campus anti-virus software and enable your personal anti-virus software when you’re on a personal account working with personal information?

    Reply
    1. Loz*

      That was going to be my suggestion too.
      Additionally,
      a) Given it’s your device, you are able to make the work account with fewest privileges required, i.e. non-administrator.
      b) Highly recommended that if your personal stuff might include the odd adult website, then make a new account for that, also with low privileges and don’t install/use things like email etc.
      c) Make an account with admin access to allow you to manage the other accounts. Including disabling their virus checker and activating yours when you’re not on work time.

      Reply
    2. Bilateralrope*

      That might depend on how deeply the antivirus software embeds itself into the OS. Also, running multiple antivirus programs is a bad idea as they will conflict with each other.

      So I’d suggest that the LW assumes that, if this antivirus gets installed, it will be running constantly until it gets uninstalled. Also, if it’s badly made, uninstalling it might require wiping the drive and reinstalling the OS.

      Reply
    3. AcademiaNut*

      I was thinking a raspberry pi (a very tiny computer used by hobbyists) for about $30, basic Linux installation and use it as a wifi hotspot.

      Reply
    4. Roxaboxim*

      A more radical technical solution would be to create two partitions, one for work and one private. Make sure the work partition dosn’t auto-mount the private partition.

      Reply
  3. BigLawEx*

    #2 I’m outraged on your behalf. I love all sorts of side projects and install open source software all the time. I spent an hour of my evening looking for and installing software to replace the other open source software that’s been abandoned and no longer operates after recent updates. I love this part of my life and can’t imagine having to bargain with IT on whether or not my side projects are worthy of being unblocked. 48 hours! I’d have lost my mind if that happened.

    All that *plus* AI. Noppity, nope, nope.

    TBH I’d push back very, very hard. I’m sorry it’s come to this, though.

    Reply
    1. Bilateralrope*

      All that stuff you’ve heard about AI misbehaving in the last few years has been from generative AI. Other types of AI are more reliable.

      So, if this antivirus provider is competent, we might be looking at AI that has been reliably detecting questionable code for years without much fanfare. Until marketing decided that talking about AI means more sales.

      It seems best to stick to the provable problems with this antivirus software for any pushback.

      Reply
      1. TigressInTech*

        Yeah, I started my grad degree in computer science two years ago and can confirm that even then, machine learning algorithms for categorizing things were mostly just called “machine learning”. “AI” is a much more marketable label now, but it’s still largely the same algorithms. There are enough issues with this requirement (particularly at the university level, where many people use open source code and resources for research) without having to argue about the AI label.

        Reply
        1. Coverage Associate*

          This. I am not even sure how generative AI would be applied in the anti virus context. Antivirus software doesn’t generate anything. We don’t call motion sensor gates or gates on timers or even home systems that “learn” your routine to set timers automatically “AI,” and antivirus software is like a security guard for your hard drive, not a personal assistant taking notes or something else with an end product.

          Reply
        2. Steve for Work Purposes*

          Yeah same, some of what I do is being called “AI” in grants/internal discussion but it’s just machine learning algorithms for classifying stuff like “we put accelerometers on animals to understand activity patterns and this pattern of accelerometer data means the animals are doing X” or computer vision stuff like analysing trail camera footage to classify what animals are passing by. It’s not generative AI at all, and I find myself having to clarify that what I do is the good kind of AI.

          Reply
  4. Kyle S.*

    LW#2, as a University employee you are surely aware of FERPA. In addition to the standard concerns around data breaches, students have particular legal rights to the security and privacy of their PII. The University must implement policies to defend against reasonably foreseeable ways this privacy could be violated. That means anti-virus software that the IT department can verify is up-to-date and working.

    The only reasonable option for LW#2 is to request the university provide them a laptop.

    Reply
    1. Silver Robin*

      but did they cite ferpa? and does LW have access to protected information? grad students who do not teach and are just doing research or similar might not actually be looking at student records or have any ability to

      Reply
      1. StudentInfo*

        Grad students are still students and their information related to their own education (surely on the same computer) is also subject to FERPA privacy requirements.

        Also, even if this particular grad student isn’t teaching, most grad student jobs are teaching or being a TA (in the first few years, at least) so it’s very likely they’ll have other student’s info on their machine (which, in of itself, seems like a reason not to work on their own computer).

        Reply
    2. not like a regular teacher*

      Yeah, I’d be more concerned about the antivirus software is itself FERPA-compliant. At my org (which isn’t governed by FERPA) we’re not allowed to use generative AI in any context that does or could involve confidential information of any sort.

      Reply
      1. Adam*

        Antivirus isn’t going to be using generative AI. Most likely it’s just a marketing-adjusted term for the same kind of matching they’ve been doing before, but labeled “AI” because AI is hot right now.

        Reply
  5. The teapots are on fire*

    LW#2, I’d suggest you band together to push for a virtual desktop client you log into from a Web browser. It’s more secure anyway and compatible with most ancient computers. The licensing and administration will be expensive but so is having multiple members of your union arrange to call IT multiple times a day for work and personal web site access.

    Reply
  6. Bilateralrope*

    #2

    One big problem with letting people choose their own anti-virus software is that some of them are much worse than others and which one that is varies from year to year. Which means that any employer who is serious about protecting the computers used for work should research them, create a list of known good antivirus software, then mandate that everyone uses something from that list.

    If the employer is paying for it, then it’s probably cheaper to keep that list as short as possible.

    Reply
    1. Coverage Associate*

      This, but the employer also has to be sure that the anti virus software selected by each employee is running at all required times. I don’t know a lot about how the university is going to check that every computer logging into the university WiFi is running the single chosen software, but I imagine it’s easier to have WiFi check for one program rather than one of several.

      Reply
      1. Bilateralrope*

        If I was requiring antivirus software, “all required times” would be any time that the computer is running. Anything less gives an open for ransomware or copying data.

        Reply
  7. Star Trek Nutcase*

    I wasn’t aware an employer can legally require an employee to use personal devices for work. I’m probably in the minority but it would be a cold day in hell that I did that – and even colder before I let a work program be installed. I’m pretty conflict adverse but I’d not comply and just drag out things (acting stupidly incompetent can do wonders) until I found a different job. I’m willing to sacrifice significant privacy to benefit security (personally or collectively) but to benefit a cheap-ass employer who won’t provide work devices? No, hell no.

    Reply
    1. Elsa*

      Letter #2 is not at all a standard case of employer and employee. The OP is a graduate student at a university, and also does some TA-ing or similar for the university. I know that when I was a grad student, my responsibilities as a TA were a pretty minor part of my week – I was primarily working on my own coursework. So the question here is whether universities should provide computers for their students, which I believe is uncommon.

      Reply
      1. Coverage Associate*

        I would be interested if the handful of state laws where employers have to compensate employees for use of employees’ devices even applies here. There are historically lots of exceptions to those types of laws in the graduate and professional school contexts. Just ask a medical doctor who’s been practicing for a few decades.

        Reply
  8. Wonderland*

    #2 is what “reply all” is for.

    Union + sharing your concerns widely + accepting no using the university WiFi between the over zealous it security professional ‘s installation date and when the matter is resolved (I’m old enough to remember offline software and hotspots from my phone, these solutions may not work/be available to you but thought I’d share why I don’t see WiFi as 100% essential).

    Also, what are they doing about alle the students logging into the WiFi? can you not log in under that capacity?

    Reply
  9. knave*

    Wait… when I worked at a well known major food chain, we had to arrive with enough time before our scheduled shift start to put our things away and change into our uniform shirts/aprons/hats (which were involved to assemble and could not be taken home). So like if our shift was at 10, we had to arrive at 9:45ish so we could be uniformed and ready to go to clock in at 10. That was company wide but apparently illegal.

    Reply
  10. Granada*

    #1 Not to the extent of a poem, but I had a grandboss who brought a team with her when she moved over to managing our three teams. She clearly knew them better, had in-jokes etc and I thought it was poor judgement to allow that to be so obvious. But exactly like your colleague she was otherwise great, and it wasn’t my place to say anything.
    I also had some sympathy for the fact that when she tried to lighten up deathly cross-team meetings she reached for the people she knew to have a bit of banter (that theoretically anyone could then join in with).

    Reply
  11. Artemesia*

    While there is no option for #1 but suck it up, it does hurt and really shows huge insensitivity on the part of the boss. When I was a new HS teacher the principal put out a Christmas letter in which he talked about the contributions of faculty of which there were about 90. I read the letter of course looking for my name. He mentioned about 70 people by name and something about what they had done that was admirable that year — but not me and not maybe 20 or so of my colleagues. I remember the wave of misery when I realized that in something so apparently inclusive I was not included. No one should do something like this which includes most but leaves out some. It would have been different if he had singled out 5 people who did something amazing — but dozens and many of them for fairly trivial ‘achievements’ meant that the handful left out were so unmemorable that he couldn’t come up with a thing.

    He was a great boss. He stood behind me when there was a conflict later that year and I have always considered him a good leader. But that incident really burned. I think he just got tired and quite, but it was a real misjudgment of an otherwise terrific boss.

    Reply

Leave a Comment

Before you comment: Please be kind, stay on-topic, and follow the site's commenting rules.
You can report an ad, tech, or typo issue here.

Subscribe to all comments on this post by RSS