Company Surveillance: Why Bosses Should Spy on Employees

It is common in the workplace that some employees will get an e-mail from one of their co-workers marked NSFW (Not Safe for Work). Most likely, they will view it with little thought. Yet, to their chagrin, it might be more harmful than they realize. More and more companies are monitoring their employees' online activity. According to the American Management Association, nearly two thirds of companies monitor their employees' online activities (Tynan). Therefore, online privacy at work is no longer guaranteed. Without a doubt, many employees might feel that this is an intrusion. However, from an employer's point of view, they have much more to lose. Because employers have a need to protect their resources, confidentiality and reputation, they have valid reason to know what their employees are doing on the job.

While a boss is not always going to be looking over all of their employees' shoulders, there are various technologies that have been implemented to keep tabs on employees. According to Zetter, there are two main categories of spying software that companies are using: programs that reside on an employee's desktop and network-based programs that monitor all activity that passes through a system (174). For instance, there is a desktop program called Spector Pro, manufactured by SpectorSoft, which can track and block websites as well as log keystrokes from searches blocks employees from sending sensitive information regarding the company (Zetter 171 -172). Another unique capability of Vericept Protect that Zetter highlights is that it can examine the tone of an email to detect job dissatisfaction (174). A substantial amount of companies use software such as these for multiple uses. A survey done by the American Management Association and the ePolicy Institute reveals that: sixty percent of organizations use software to monitor web connections; sixty-five percent use software to block certain websites; thirty-six percent use technology to record keystrokes; and fifty-five percent have software in order to retain and review email (Joyce F.1). Evidently, the use of monitoring software is nothing unusual.

Besides using computer software, some companies have taken it a step further. Devices such as Radio frequency ID chips, GPS enabled cell phones, and biometric devices are being implemented by firms to monitor employees. Radio frequency ID (RFID) chips are used in employee ID cards and are capable of alerting employers when employees enter the office, as well as, tracking their whereabouts within the office (Zetter 175). Similarly, GPS enabled cells phones allow supervisors to track workers' movements externally by transmitting signals and mapping their location on a computer screen (Zetter 175). The use of biometric devices, which are able to scan personal characteristics for identification, are increasingly becoming popular among private companies and government agencies to monitor building access (Zetter 175). Using technology of this sort would make it much more difficult to deceive or bypass systems. However, with innovations like this, there is a propensity for it to be used as an aid in identifying if an employee has a medical condition (Zetter 175).

Along with the implementation of employee monitoring comes the issue of employee privacy. Normally, most people are not comfortable with any of their activity being monitored. Constitutionally, the protection of employee privacy regarding unlawful search seizure or self-incrimination does not extend to private companies (Tynan). While privacy protection in for employees is limited, a moral dilemma arises. Given that employees are conducting personal matters and not violating company policy, some may argue that monitoring activities such as email or checking bank accounts is truly invasive. A survey done by Littler Mendelson, and the Ponemon states that thirty- eight percent or workers said their privacy would be violated if their email and internet access was viewed by their employer (Joyce F.1). Institute Assistant federal defender David Ness felt this way, "It seems like it's one more intrusion on people's privacy rights," he said, "There may be some things on my computer that I wouldn't necessarily mind someone at my office looking at, but I wouldn't want to share them with (law enforcement agents) or even the community at large" (Egelko A.8). Also, with monitoring technology becoming increasingly sophisticated, discriminating factors could arise. For example, if biometric devices are used to identify if an employee has a medical condition, an employer could use that information in terminating the employee unfairly. A manager might be tempted to blackmail a subordinate by purposely finding incriminating material on the worker's computer and using that to possibly terminate the employee (Trembly 26). In addition, employees can also be scrutinized about personal information displayed on blogs and public social web sites such as Myspace (Zetter 177). Ultimately, employers that institute monitoring could be at risk of losing employees because of the trust or their workers trust being violated (Cohen 5).

Legally, employers have the support of the courts in regard to monitoring their workers. Courts have ruled that employee monitoring is not an invasion of privacy because while on the job, the equipment and the resources being used belong to the employers (Santora 1). Employers are given a legal right to protect themselves under the Electronic Communications Privacy Act (ECPA), which allows them to monitor all email and internet activities on company systems (Wen, Schwieger, and Gershuny 185). The use of video cameras in instances to prevent theft has even been allowed by courts (Wen, Schwieger, and Gershuny 185). Harding described an employee's right to privacy as a 'qualified right' meaning it may be interfered with if certain conditions are met (1). Under the Regulation of Investigatory Powers Act 2000 (RIPA), employers are permitted to intercept worker's electronic communication given they meet certain circumstances (Harding 1). Under RIPA a worker's consent is not required under these circumstances: the monitoring is relevant to the employer's business; the telecommunications system is wholly or partly provided by the employer for work purposes; and the employer has made all reasonable efforts to inform users, both inside and outside the workplace, that their communications may be intercepted (Harding 1). As of now, there is not a U.S. federal or state law that prevents employers from monitoring their electronic workplace (Wen, Schwieger, and Gershuny 185). In fact, no federal law exists that requires a company to disclose when monitoring software is installed (Zetter 177). However, it is only mandatory for a firm to have an evenly enforced policy regarding acceptable use of email and internet (Santora 1).

A main priority for any employer is to gain revenue and prevent the unnecessary loss of it. Even though an employee is responsible for their own actions when accessing the internet, the employer has exposure from each employee. Therefore, employers are also held accountable for their employees' activities online. Employers risk liabilities if illegal content exists on their systems (Taillon 16). The downloading of files such as music mp3s, movies, and other copyrighted content could in incur costly lawsuits due to copyright laws established to protect artist (Taillon 16). The possession of pornography, especially child pornography, is of the utmost concern. The Child Online Protection Act makes it a felony to download, print share or posses pornographic images of children (Taillon 16). Violators could face large fines, potential jail time, and probation. This happened to be the case with Jeffrey Ziegler, a director of operations for Frontline processing located in Bozeman, Montana. When an FBI agent learned in January 2001 that an employee from that company accessed child pornography on one of its computers, he contacted Frontline's IT Administrator, which said that the websites had been traced to Ziegler's computer (Egelko A.8). Egelko further reveals that the company began to monitor Zeigler's computer, made copies of the hard drive, and relinquished them to the FBI (A.8). Ziegler pleaded guilty to one count of receiving obscene material, was fined $1000, and placed on probation (Egelko A.8). If there had not been monitoring of individual employees' computers, the company would have had to accept full liability for the illicit content.

Neglecting employee email could potentially expose employers to even more costly claims as well. Twenty-four percent of companies have had email subpoenaed by the courts and fifteen percent of employers have gone to court to battle lawsuits initiated by email misuse as of 2006 (Joyce F.1). Unfortunately, Chevron learned this the hard way. The company had to settle a $2.2 million lawsuit due to a sexual harassment claim from female employees, which stemmed from inappropriate internally circulated emails (Greengard 24; Zetter 173). This could have been avoided if the office email had been monitored and the violators disciplined. For instance, one company was faced with a suit from an employee who claimed someone left printouts of adult websites in her office (Zetter 174). The company used the afore mentioned monitoring program, Vericept, to inspect her Web use, which found that the employee had visited and printed the pages herself. Ultimately, companies may have the ability elude expensive claims, whether legitimate or false, if emails are monitored.

To employers, the saying "time is money" will never become cliché. Therefore, when time is lost, money is lost. Usually, many of the activities employees get involved in on the internet are benign. Shopping on eBay or viewing ESPN.com are not necessarily harmful within themselves, but they are a problem when employees spend hours viewing them (Cohen 3). Productivity, or the loss of it, gives validation for many companies to monitor employees' computer use. Approximately fifty percent of all internet activity is non business related (Greengard 22). A Gartner study estimated that personal internet use in the office causes a forty percent decrease in productivity each year (Internet Monitoring Software WK.7). Eventually, all of the lost time can add up to billions of dollars in lost revenue. To be exact, $759 billion are lost annually mainly because to loitering online in the office (Zetter 172). Not only that, it does not take many employees visiting sites such as YouTube, Yahoo, or any site that offers media for download to hog system resources such as bandwidth (Cohen 3). Decreased bandwidth means a slower connection for employees who are actually working. Overall, excessive internet usage can cause a domino effect for the productivity of a company. There is no way

Security is another concern that employers have to give attention to. Visiting unsavory sites such as for porn, gambling, or gaming can not only expose employers to lawsuits and productivity loss, it can make company systems vulnerable to malicious viruses (Zetter 173). The harmful viruses can secretly load onto an employee's computer and allow third parties access to very sensitive information (Zetter 173). It is not safe for businesses to assume that employees will never visit such sites. While some employees may deliberately choose to participate in dangerous online behavior, a majority of workers visit a site that is harmful because it is disguised and difficult to detect (Taillon 16). James MacDougall, head computer of security for state agencies in North Carolina, phishes state employees with bait email (Joyce F.1). Despite being warned of security breaches, natural curiosity overcomes employees. About thirty percent of employees clicked on the bait email, which was from an unknown recipient, within twenty minutes (Joyce F.1). However, this can be avoided with monitoring software accompanied by the use firewalls and antivirus software that can prevent employees from visiting certain places online while preventing dangerous programs from infiltrating computer systems.

Employees themselves can pose a risk to a company's security and confidentiality. Workers may deliberately or accidently release confidential information that could be detrimental to a business. When a program called Digital Guardian was installed on the network of a company that made video games, it caught a worker trying to steal designs for a new game before it was released (Zetter 173).This worker allegedly logged in to a credit union site to handle person banking, but he actually opened the door to an accomplice who had hacked himself into the credit union's network and waited there to steal the game files (Zetter173). Vice president of the data-security firm Vontu, Steve Roop, says that such a sinister scenario is rare but attributes it to "good people doing dumb things" (Zetter 173). Roop then relates a counter example regarding an employee of a cell phone designer. He became so excited about a new phones design that he sent a prerelease graphic to a fan site in order to create advanced buzz. Unfortunately, it allowed competitors to copy the design and endanger the earnings of the company (Zetter 173-174). For these reasons, many employers may choose to block instant messaging to prevent t he exchange of confidential information.

Many employers want to do the utmost to protect the reputation of their company. Anything negative involving them or their establishment could be calamitous for their business. While employees have a right to freedom of speech, not showing discretion regarding the employer, its business partners, and its employees exposes an organization up to possible investigation, lawsuits, poor publicity, and lost business (Wen, Schwieger, and Gershuny 185). Logically, this would be another valid reason for employers to keep examine the tone of the messages that employees publicize about the company.

Not to be overlooked is an employee's behavior while not in the office. Widely known are the mishaps of Tank Johnson, Michael Vick, and Don Imus. All of these professionals were penalized by their companies or teams because of being involved in inappropriate behavior. All companies do well to avoid or standing by someone that represents the in a bad light. Employees much watch how they portray themselves on online social websites. Many may feel less inhibited when they are constructing their profiles. However, one must steer clear of unprofessional behavior. A naughty Myspace profile of a known employee of a company could be damaging to a career before it even begins. Stacy Snyder, an aspiring teacher, had to forfeit her teaching certificate and switch her degree because of a photo of herself on her MySpace profile which showed her wearing a pirate hat and holding a plastic cup (Zetter 177). The caption but high school official dubbed her behavior unprofessional and inappropriate (Zetter 177).

Employers face many obstacles in order to be successful. Yet, if certain matters regarding the employees are overlooked, results could be disastrous for a business. Employers could lose productivity, revenue, valuable trade information, and a good reputation if there is nothing implemented to keep employees on task and prevent them from doing harmful activities while online. Just as a factory would check to see if its equipment was working properly and not defective, it is even more imperative that employers monitor their staff in such a way. Rather than being an invasion of privacy, employee monitoring is an essential to protect the assets of a business.Works Cited

Cohen, Alan. "Worker Watchers." Fortune 2006: 70-80. FirstSearch. 23 August 2007 .

Egelko, Bob. Employer's Right to Monitor Online Activity Reaffirmed." San Francisco Chronicle (9 Aug 2006): FINAL Edition: A.8. Proquest. 20 August 2007 .

Greengard, Samuel. "The High Cost of Cyberslacking." Workforce.com (Dec. 2000): 22-24. FirstSearch. 23 August 2007 .

Harding, Siobhan. "Working Brief: E-mail and internet at work. " Belfast Telegraph (5 March 2007),1 ProQuest. 1 October 2007

Joyce, Amy. "It's the Boss Fooling You -- for Safety's Sake ." The Washington Post [Washington, D.C.] (20 May 2007): FINAL Edition: F.1. ProQuest. 23 August 2007 .

Santora, Tommy. "Employers Maintain Right to Monitor Computer Use." New Orleans CityBusiness (14 Aug. 2006): 1. Proquest. 21 August 2007 .

Taillon, Gregory. "Controlling Internet Use in the Workplace." The CPA Journal 74((July 2004)): 16. ProQuest. 25 August 2007 .

Trembly, Ara. "Office Spy Software Makes Boss Big Brother." National Underwriter (Property & Casualty/Risk & Benefits Management (25 Sep 2006): 26. FirstSearch. 23 August 2007 .

Tynan, Daniel. "Your Boss Is Watching." http://pcworld.about.com. 2000. About, Inc. 9 Sept. 2007 .

Wen, H Joseph, Dana Schwieger and Pam Gershuny. "Internet Usage Monitoring in the Workplace: Its Legal Challenges and Implementation Strategies. " Information Systems Management 24.2 (2007): 185-196. ABI/INFORM Global. ProQuest. 1 Oct. 2007

Will This Internet Monitoring Software Save Firms Time and Money?." National Post [Don Mills] (9 May 2007):National Edition: WK.7. Proquest. 20 August 2007 .

Zetter, Kim. "Is Your Boss Spying on You?" Reader's Digest (Sept. 2007): 171 -177.