IT IS one of the biggest corporate scandals of the year: Hewlett-Packard chairman Patricia Dunn allegedly enlisted private investigators to spy on members of the HP board and several journalists to figure out who was leaking boardroom secrets. The investigators are said to have tricked reps at phone company AT&T into handing over the call records of their targets. Dunn has now resigned and California鈥檚 Attorney General is considering bringing criminal charges.
While HP鈥檚 top brass has been grabbing headlines, hundreds of corporations are routinely spying on their employees without attracting media attention. Sometimes companies keep tabs on employees by hiding cameras in lavatories, or tracking company cars using hidden GPS devices. Most often, however, corporate surveillance consists of logging everything employees do on their computers, from instant messaging, to emailing to browsing the web. Such wholesale monitoring is commonplace at firm such as household products maker Procter & Gamble, Bank of America, net giants Yahoo and Google, and healthcare provider Kaiser Permanente. And people are seldom told they are being watched.
Meanwhile, an increasingly mobile workforce is blurring the line between work and private time: log into work computers from home and employers can track what blogs you create, sign into or post to, or what you write on newsgroups, even outside work hours. Suddenly, online private lives are becoming company business.
Advertisement
Kaiser spokesman Matthew Schiffgens thinks workplace internet monitoring by IT departments is fair enough. 鈥淚f something you鈥檙e doing [on your work PC] isn鈥檛 related to work, you shouldn鈥檛 do it,鈥 he says. Yahoo鈥檚 employee handbook echoes this: 鈥淢anagement, or a designee, may review or monitor email messages and traffic, review records of telephone usage, and inspect the contents of file cabinets, disk drives, desks, offices, etc (even if locked).鈥
According to Jeremy Gruber, legal director of the National Workrights Institute based in Princeton, New Jersey, US companies can legally watch everything employees do 鈥 and only two states require employers to tell workers they are under surveillance. Yet there are laws that prevent employers from listening to employees鈥 personal phone calls made at work. So why no such protection for employees who might send a personal email or check an online auction鈥檚 status during their lunch break?
鈥淟egislatures are slow to address changes in technologies,鈥 Gruber says. 鈥淭here鈥檚 simply been no federal response to the problem of computer monitoring.鈥
In this regulatory vacuum, a sizable industry has sprung up to offer software that monitors employees. One leader in the field, Wavecrest Computing of Melbourne, Florida, sells a product called Cyfin that tracks everything employees do online. Clients include oil giant ExxonMobil, UK telecoms firm BT and the US Department of Justice. Wavecrest spokesman Dennis McCabe says Procter & Gamble is also one of its largest customers. 鈥淭hey watch all 100,000 of their employees around the world with our products,鈥 McCabe says. Wavecrest鈥檚 product could also help P&G managers prepare regular reports on what kinds of websites employees are visiting, and can also provide detailed analyses of unproductive workers.
Sandstorm Enterprises of Malden, Massachusetts, markets a sophisticated monitor called Net Intercept that watches all network traffic, not just web usage. However, Sandstorm chief James Van Bokkelen says it鈥檚 impossible for IT managers to watch everything; instead, they focus on gathering evidence on the few individuals who are already a problem, sometimes resulting in firings. 鈥淓mployers have their lists of suspects,鈥 he says.
Companies use more devious means than just software, though, as Clifton Swigert, a former employee of West Virgina power company Allegheny Electric, knows to his cost. He was fired after anonymously posting some views about the company in a Yahoo discussion forum. 鈥淚t was the most horrific thing I ever experienced,鈥 recalls Swigert. 鈥淚 had perfect attendance for 13 years at the plant.鈥
Anonymous no more
Swigert had vented his frustration about the company鈥檚 retirement programme, and admits he 鈥渦sed some poor language鈥 to complain about a diversity workshop. What he said may have offended some, but he wrote it anonymously, used his own computer and wrote long after work hours. The board where he posted was specifically for discussions of Allegheny Electric, and many of the hundreds of comments left by other people were also derogatory and critical.
Nevertheless, Allegheny decided to track down the anonymous poster and sue them. The lawsuit meant Allegheny could subpoena Yahoo and obtain Swigert鈥檚 real name, but once they had it they dropped the lawsuit and fired him. In a counter-suit filed last year, Swigert鈥檚 attorneys claimed this action was an abuse of legal process, but there has been no ruling yet.
At issue here is a special kind of US subpoena for 鈥渟ubscriber information鈥 that opens the door for cases like Swigert鈥檚. It requires online service providers to supply lawyers with a subscriber鈥檚 real name and address. The catch is that neither the lawyers nor the service provider are required to notify the subscriber that this information has been revealed. So some may be fired without ever knowing why, says Paul Levy, an attorney with civil liberties group Public Citizen. Others may know why, says Levy, but since they never get representation their cases go unreported.
Of course, another place where companies can track employees鈥 activities outside the office is on blogs, and it is becoming more common for firms to issue a 鈥渂log policy鈥 to employees, detailing what dirty washing the company doesn鈥檛 want aired. Bank of America spokeswoman Lisa Kopp says personal blogs that breach company policy can lead to a person being fired.
Blogging policies have become widespread in the wake of several high-profile cases in Silicon Valley in which bloggers lost their jobs. Among those was Joyce Park, fired by social networking site Friendster two years ago. Park is the author of a popular blog called Troutgirl, which covers everything from high-tech issues to Park鈥檚 cat. She marvels at the weirdness of the experience. 鈥淚 was taken to a room, told it was a termination meeting, and told the reason was blogging,鈥 she recalls. 鈥淚 asked what they objected to and they wouldn鈥檛 tell me. I really just have no idea what I might have said.鈥
鈥淢y sacking was the most horrific thing. I had perfect attendance at the plant for 13 years鈥
Another blogger fired around the same time was Mark Jen, who lost his job at Google. He鈥檚 still not sure what he said, though the company did ask him to take two Google-related posts off his blog shortly before his firing. He took the posts down right away, but apparently that wasn鈥檛 enough.
Not that Google 鈥 which runs the blog engine Blogspot 鈥 is against blogging. Karen Wickre, editor of Google鈥檚 corporate blog, says the firm likes to hire bloggers because it鈥檚 鈥渘ice to know that they can put a couple of sentences together鈥. So does does Google makes a regular habit of reading people鈥檚 blogs before hiring them? 鈥淲e鈥檙e always looking for good people with talent,鈥 Wickre says. 鈥淚鈥檓 not willing to make a blanket statement that blogs don鈥檛 matter.鈥
Others think blogs are beginning to matter a whole lot. David Nachman of background-screening company HireRight based in Irvine, California, agrees with Wickre that a job-seeker鈥檚 blog might affect their chances of getting hired. Traditionally, HireRight has only provided criminal record checks and checks on qualifications and experience, but Nachman says interest in online activity is growing. 鈥淲e don鈥檛 offer this service yet, but it鈥檚 absolutely already happening. Employers are going to blogs and social networking sites when hiring.鈥
In effect this means that online monitoring may be starting before employees even sign their contracts. While some will find this shocking, many tech workers express a kind of fatalism. 鈥淭here are always ways to find out what individuals are doing, and sometimes that results in people getting fired,鈥 says IT administrator John Gilbert. 鈥淓verywhere I鈥檝e worked, there鈥檚 never been any privacy.鈥
Surveillance culture on the march
The US may be the Wild West of workplace monitoring, but the UK and Australia aren鈥檛 far behind. Carsten Sorensen, an expert on high-tech workplaces at the London School of Economics, warned recently that employee surveillance is on the rise. Bosses are using CCTV, network monitoring, GPS bracelets and even hidden microphones.
The UK鈥檚 Data Protection Act could afford some protections to workers, as it limits the disclosure of stored data such as records of websites employees are visiting. However, UK watchdog group Privacy International says that so far 鈥渢he act has been ineffective鈥. Bloggers are at risk, too: last year, Joe Gordon was sacked from bookshop Waterstone鈥檚 after 11 years there, for things he posted on his satirical blog.
In Australia, legislation in New South Wales requires employers to tell employees if they are under any kind of surveillance. However, the law does not regulate the level or type of spying, it just says that employees must be told about it. Electronic surveillance of Australian workers is on the rise, according to Canberra-based internet research firm Caslon Analytics, but there are as yet no national laws that limit monitoring of employees鈥 use of email and the internet.