Surf Warning
Firing off a racy e-mail to a co-worker? Searching for the perfect lemon souffle recipe on the World Wide Web on a slow day? Consider this: Your employer could be reading that slightly embarrassing message or noting how often you visit Web sites for no apparent business reasons.
They call them “personal” computers. But federal and state courts have ruled repeatedly that in the workplace, your computer is anything but personal or private. In fact, what you message fellow employees or which Web sites you visit on the Internet may be grounds for firing--even if your employer has said your communications are private.
Welcome to the flip side of cyberspace access for the American worker: loss of privacy.
Employers fear lost productivity and liability in sexual harassment suits filed by workers who may be offended at what co-workers download from the Web or send via e-mail.
Aided by ever more sophisticated software and consulting firms that specialize in computer security, employers are more frequently monitoring how their employees use workplace computers. They can determine how many keystrokes someone makes each hour and how that rate compares with co-workers. They can trace and reconstruct long-deleted e-mail trails. They can block access to Web sites they deem inappropriate. They can take offense at jokes that contain racial slurs or sexual innuendo.
“There are vendors going around saying to employers: ‘You can do this [monitor] cheaply. Everyone is doing it,’ ” says Evan Hendricks, editor of the Privacy Times newsletter. “It is a form of social control over workers.”
Too often, Hendricks says, monitoring becomes a fishing expedition.
Given the liabilities employers face, they have little choice but to monitor employee activity on the Internet and even in interoffice communications, says Larry Fineran, a spokesman for the National Manufacturers Assn. in Washington.
And given the technology available to employers, every employee should assume that his or her interaction with a workplace computer is happening in plain view of the boss.
“There is a sense out there that the computer is a private work space,” Fineran says. “But why is it your private work space if you’re using your employer’s computer on his time?” Companies should tell employees when they are hired, Fineran says, “that the employer has the right and the ownership of the data, and you have no expectation of privacy.”
Sound like a hard-line position? The courts don’t think so. Again and again, says Lewis Maltby, director of the Workplace Rights office of the American Civil Liberties Union, employees who sue their employers for invasion of privacy involving computers have lost in court.
“At the rate we’re going, privacy will be as extinct as the dinosaur in our lifetime,” Maltby says. “People work in ways today that make it much easier for employers to spy on them. If you’re communicating through the U.S. mail, it is much harder for your employer to read your mail. With e-mail, it is so much easier.”
A recent survey by the American Management Assn. of its members found that at least a third of all employers are engaged in some sort of electronic surveillance of employees. Such figures have ignited a national debate between employers who say the monitoring is necessary and employees and privacy advocates who argue that it should at least be more selective and that too much monitoring not only tramples privacy rights but hurts worker productivity.
“Studies have shown that in workplaces where there is a great deal of surveillance, workers are not so productive,” argues Marc Rotenberg, author of “Technology and Privacy: The New Landscape.” In fact, he says, some employers have found that their workers become so incensed by heavy-handed monitoring that employers are electing to do less of it than technology allows.
“In the high-tech sector,” Rotenberg says, “a lot of companies really don’t do very much monitoring of their work force. Job performance is monitored by what people produce in the end, rather than what they produce by the hour.”
Most employers, says Rotenberg, who is also director of Computer Professionals for Social Responsibility--a Washington nonprofit organization that promotes privacy in the Information Age--”aren’t particularly interested in monitoring for the sake of monitoring. Most are interested in getting the work done and making some money. Monitoring can become a distraction too.”
Rob Enderle agrees. A consultant working for Giga Information Technology, an information technology firm with offices in Santa Clara, Enderle says that employers need to inform workers upfront that they are monitored, or risk undermining morale.
“What we advise is, if there is not a problem, don’t invest a lot of resources in fixing it, or you can create a backlash among employees,” Enderle says. “We say, ‘If you explain upfront what sort of behavior won’t be tolerated, then you probably won’t get that behavior, and you won’t get the emotional backlash . . . when [employees] find out they’ve been monitored.’ ”
But even when companies send out memorandums or install warnings that appear on computer screens every time an employee signs on, some people persist in treating workplace computers as inviolable.
At Chevron Corp. in San Francisco, computer security analysts were shocked to learn, in a general survey of Internet usage administered in the last quarter of 1997, that 46% of usage fell into the broad category of “nonbusiness.” That included 5% that appeared to be for the purposes of reading or downloading sexually explicit information, says Rich Bowman, a specialist in information protection for the company.
“We found it amazing,” says Bowman, who notes that the company has had a policy for several years restricting Internet access for nonbusiness purposes. An investigation revealed that the figures were partially distorted because “one man’s business is another man’s monkey business,” Bowman says. Some workers, he says, were legitimately cruising Web sites for business purposes that the technology division regarded as nonbusiness Web sites.
“We’ve made our categories a bit broader now,” to include news sites as business, for instance, Bowman says.
But he was at a loss to explain why someone would continue to visit forbidden Web sites from their workplace computers after being warned that such behavior could put their jobs at risk.
“Maybe it is because people tend to think of this as a personal computer,” Bowman says.
He also points out that the Internet is vastly different from other avenues of communication, such as the telephone. When you dial a phone number, you make one contact and hang up. Once on the Web, you can surf from one site to another, and that can sometimes lead to trouble.
“It is easy to wander into an inappropriate area,” Bowman says. “That’s one of the features of the Web, and that can be dangerous when you run up against corporate policy.”
Hendricks, the privacy advocate, offers this advice to anyone wondering exactly how to use his or her workplace computer:
“It’s the same advice my mom’s mom told her about snail mail 70 years ago: ‘Don’t write anything that you wouldn’t want to read before a judge and jury.’ ”
