From: <djg2120@columbia.edu>
  To  : <CPC@emoglen.law.columbia.edu>
  Date: Wed, 12 Apr 2006 02:06:55 -0400

[CPC] Online surveillance in the workplace

Monitoring Employee Communications in the Enterprise

Sci-Tech Today
By Jack M. Germain
April 10, 2006 7:00AM

As the number of workers using the Internet for pleasure as well as
business grows, so does anxiety among corporate higher-ups worried
about productivity and exposure to security risks.

Many executives and managers have turned to computer surveillance.
Low-cost technology is making it easier than ever for businesses of
all sizes to monitor computer misuse among employees.

The market for this so-called secure content-management software --
which includes applications that monitor Web surfing, e-mail,
instant messaging, and even keystrokes -- is expected to grow to
$6.4 billion by 2007, more than double what it was just three years
ago, according to the research firm IDC.

"The use of corporate management of employee use of the Internet is
widespread today," said Mike Newman, vice president and general
counsel at Websense, a company that makes Internet and desktop
security software. "More than half of the Fortune 500 firms alone
use our Web-filtering products."

High Stakes

The Internet can be tempting to workers who would rather check out
eBay than check in with their clients. But by giving employees
unmonitored reign over instant messaging, personal e-mail, file
downloading, and virtual window shopping, I.T. managers and CIOs
risk getting more than they bargained for.

In addition to lost productivity and wasted bandwidth resources,
companies can be held liable for a broad range of misconduct that
includes sexual harassment and the use of unlicensed software.

The proliferation of spam is also a huge concern, as it not only
consumes valuable I.T. resources, but can also expose a company to
legal liability if people find the unwanted messages offensive.
Workers also risk introducing viruses into the corporate network by
downloading unauthorized files.

The possibility of sensitive corporate data being lost or stolen
outright is also feeding the upswing in workplace surveillance.
Technology such as USB drives and digital-camera storage media make
it easier than ever for workers to find, store, and swap
information.

Corporate America is paying attention. A 2005 report by Proofpoint,
an e-mail security company, found that 63 percent of companies with
1,000 or more employees either use or plan to employ staff to look
at outbound e-mail. A similar study by the American Management
Association found those numbers to be 52 percent in 2003 compared
to 24 percent in 2001.

Sensitive Issue

While the percentage of employees with Internet access at work has
remained largely unchanged, more employees are using the Net on the
job even if their activities are not work-related.

 Websense, which interviewed 350 I.T. managers and 500 employees for
a May 2005 survey, found a blurry line between work and play. Half
of the respondents said their Web surfing on the job was a mix of
work and personal use, and of those employees who admitted to
personal use, 52 percent stated that they would rather give up
their morning coffee than go without Internet access.

In fact, 93 percent of employees surveyed said they spent at least
some time accessing the Internet at work, up from 86 percent in
2004. The most popular Web-site categories unrelated to work were
news (81 percent), personal e-mail (61 percent), online banking (58
percent), travel (55 percent), and shopping (52 percent).

The rationale behind monitoring employees, according to Newman, is
that a computer at work is a corporate tool for enhancing the
employee's productivity. Because some people abuse that privilege
by sending personal e-mail and viewing movies during working hours,
employers feel they have little choice but to monitor what their
workers are doing.

"Most companies are very clear with the Internet-use policies. The
company owns the computer system and the network. Clearly, there is
no expectation of privacy on the part of the workers," Newman said.

Precedent-setting litigation would seem to back up that claim.

It's All Nice and Legal

Traditionally, courts have sided with employers in privacy suits
filed by workers.

In 1993's Bourke v. Nissan, plaintiffs Bonita Bourke and Rhonda Hall
alleged that Nissan wrongfully fired them after their bosses
accessed, printed, and read their e-mails at work. A trial court
upheld the auto maker's contention that the plaintiffs had no
reasonable expectation of privacy in their e-mails.

In 1996, Michael A. Smyth sued Pillsbury after he was fired for
transmitting "inappropriate and unprofessional" comments to his
supervisor over the company's e-mail system. Smyth said the
company's actions invaded his privacy, but the U.S. District Court
for the Eastern District of Pennsylvania ruled in favor of
Pillsbury.

According to Richard Corenthal, a partner in the New York law firm
of Meyer, Suozzi, English & Klein, P.C., federal law clearly
establishes employers' rights to monitor e-mail.

"Once that is in place and the policy is provided to the employees,
they effectively have no recourse," Corenthal explained. "Nor is
there any expectation of privacy in the workplace."

The advocacy group Privacy Rights Clearinghouse counsels visitors to
its Web site that if an e-mail system is used at a company, the
employer owns it and can review its contents: "Messages sent within
the company as well as those that are sent from your terminal to
another company or from another company to you can be subject to
monitoring by your employer." According to the privacy rights
organization, the employer can also monitor Web-based e-mail
accounts such as Yahoo and Hotmail, as well as instant messages.

 But employers would do well to exercise some restraint, lest they
create problems by improperly monitoring workers' e-mail accounts.

"There are some interesting twists to the question," Corenthal said.
"For example, policies must be evenly enforced or otherwise the
employer might be the subject of a discrimination claim.”

Meeting Halfway

One approach gaining favor in some corporate circles is to set aside
time for workers to surf the Web or take care of other business
online, reducing the likelihood that they will shirk their
responsibilities on the job.

"A company can give its employees quota time to look at various Web
sites," Websense's Newman said. "Then there is no need to monitor
their activities since the amount of time is regulated. A company
can also grant unlimited access to workers during certain times of
the shift when bandwidth issues are less of a concern."

Christine Liebert, a senior analyst at the consulting firm Yankee
Group, agreed that such shared-use strategies could become a viable
solution to any unpleasantness generated by spying. Even if workers
did not agree to such self-imposed limitations, I.T. departments
could routinely put bandwidth-shaping and application-shaping
software in place to manage these limits, she said.

And software could continue to maintain controls that protect the
company from security risks. Websense, for example, has a pop-up
feature notifying a worker that the requested Web site is not
work-related. It then asks the employee if he or she wishes to use
some of the allotted quota time.

"Employees are aware of the limitations placed on them," Newman
said. "We use this same software internally at Websense. I don't
mind it."

http://www.sci-tech-today.com/story.xhtml?story id=02200000JVV6&page=3
          
Dan Grimm
djg2120@columbia.edu

-----------------------------------------------------------------
Computers, Privacy, and the Constitution mailing list