Jack M. Germain, newsfactor.com
As the number of workers using the Internet for pleasure as well as business grows, so does anxiety among corporate higher-ups worried about productivity and exposure to security risks.
Many executives and managers have turned to computer surveillance. Low-cost technology is making it easier than ever for businesses of all sizes to monitor computer misuse among employees.
The market for this so-called secure content-management software -- which includes applications that monitor Web surfing, e-mail, instant messaging, and even keystrokes -- is expected to grow to $6.4 billion by 2007, more than double what it was just three years ago, according to the research firm IDC.
"The use of corporate management of employee use of the Internet is widespread today," said Mike Newman, vice president and general counsel at Websense, a company that makes Internet and desktop security software. "More than half of the Fortune 500 firms alone use our Web-filtering products."
High Stakes
The Internet can be tempting to workers who would rather check out eBay than check in with their clients. But by giving employees unmonitored reign over instant messaging, personal e-mail, file downloading, and virtual window shopping, I.T. managers and CIOs risk getting more than they bargained for.
In addition to lost productivity and wasted bandwidth resources, companies can be held liable for a broad range of misconduct that includes sexual harassment and the use of unlicensed software.
The proliferation of spam is also a huge concern, as it not only consumes valuable I.T. resources, but can also expose a company to legal liability if people find the unwanted messages offensive. Workers also risk introducing viruses into the corporate network by downloading unauthorized files.
The possibility of sensitive corporate data being lost or stolen outright is also feeding the upswing in workplace surveillance. Technology such as USB drives and digital-camera storage media make it easier than ever for workers to find, store, and swap information.
Corporate America is paying attention. A 2005 report by Proofpoint, an e-mail security company, found that 63 percent of companies with 1,000 or more employees either use or plan to employ staff to look at outbound e-mail. A similar study by the American Management Association found those numbers to be 52 percent in 2003 compared to
24 percent in 2001.Sensitive Issue
While the percentage of employees with Internet access at work has remained largely unchanged, more employees are using the Net on the job even if their activities are not work-related.
Websense, which interviewed 350 I.T. managers and 500 employees for a May 2005 survey, found a blurry line between work and play. Half of the respondents said their Web surfing on the job was a mix of work and personal use, and of those employees who admitted to personal use,
52 percent stated that they would rather give up their morning coffee than go without Internet access.In fact, 93 percent of employees surveyed said they spent at least some time accessing the Internet at work, up from 86 percent in
2004. The most popular Web-site categories unrelated to work were news (81 percent), personal e-mail (61 percent), online banking (58 percent), travel (55 percent), and shopping (52 percent).The rationale behind monitoring employees, according to Newman, is that a computer at work is a corporate tool for enhancing the employee's productivity. Because some people abuse that privilege by sending personal e-mail and viewing movies during working hours, employers feel they have little choice but to monitor what their workers are doing.
"Most companies are very clear with the Internet-use policies. The company owns the computer system and the network. Clearly, there is no expectation of privacy on the part of the workers," Newman said.
Precedent-setting litigation would seem to back up that claim.
It's All Nice and Legal
Traditionally, courts have sided with employers in privacy suits filed by workers.
In 1993's Bourke v. Nissan, plaintiffs Bonita Bourke and Rhonda Hall alleged that Nissan wrongfully fired them after their bosses accessed, printed, and read their e-mails at work. A trial court upheld the auto maker's contention that the plaintiffs had no reasonable expectation of privacy in their e-mails.
In 1996, Michael A. Smyth sued Pillsbury after he was fired for transmitting "inappropriate and unprofessional" comments to his supervisor over the company's e-mail system. Smyth said the company's actions invaded his privacy, but the U.S. District Court for the Eastern District of Pennsylvania ruled in favor of Pillsbury.
According to Richard Corenthal, a partner in the New York law firm of Meyer, Suozzi, English & Klein, P.C., federal law clearly establishes employers' rights to monitor e-mail.
"Once that is in place and the policy is provided to the employees, they effectively have no recourse," Corenthal explained. "Nor is there any expectation of privacy in the workplace."
The advocacy group Privacy Rights Clearinghouse counsels visitors to its Web site that if an e-mail system is used at a company, the employer owns it and can review its contents: "Messages sent within the company as well as those that are sent from your terminal to another company or from another company to you can be subject to monitoring by your employer." According to the privacy rights organization, the employer can also monitor Web-based e-mail accounts such as Yahoo and Hotmail, as well as instant messages.
But employers would do well to exercise some restraint, lest they create problems by improperly monitoring workers' e-mail accounts.
"There are some interesting twists to the question," Corenthal said. "For example, policies must be evenly enforced or otherwise the employer might be the subject of a discrimination claim.
Meeting Halfway
One approach gaining favor in some corporate circles is to set aside time for workers to surf the Web or take care of other business online, reducing the likelihood that they will shirk their responsibilities on the job.
"A company can give its employees quota time to look at various Web sites," Websense's Newman said. "Then there is no need to monitor their activities since the amount of time is regulated. A company can also grant unlimited access to workers during certain times of the shift when bandwidth issues are less of a concern."
Christine Liebert, a senior analyst at the consulting firm Yankee Group, agreed that such shared-use strategies could become a viable solution to any unpleasantness generated by spying. Even if workers did not agree to such self-imposed limitations, I.T. departments could routinely put bandwidth-shaping and application-shaping software in place to manage these limits, she said.
And software could continue to maintain controls that protect the company from security risks. Websense, for example, has a pop-up feature notifying a worker that the requested Web site is not work-related. It then asks the employee if he or she wishes to use some of the allotted quota time.
"Employees are aware of the limitations placed on them," Newman said. "We use this same software internally at Websense. I don't mind it."
Copyright 2006 NewsFactor Network, Inc.
NOTE: For more telecom/internet/networking/computer news from the daily media, check out our feature 'Telecom Digest Extra' each day at