Barst
28th September 2006, 22:21
The boss is watching your every click...
It is one of the biggest corporate scandals of the year: Hewlett-Packard chairman Patricia Dunn allegedly enlisted private investigators to spy on members of the HP board and several journalists to figure out who was leaking boardroom secrets. The investigators are said to have tricked reps at phone company AT&T into handing over the call records of their targets. Dunn has now resigned and California's Attorney General is considering bringing criminal charges.
While HP's top brass has been grabbing headlines, hundreds of corporations are routinely spying on their employees without attracting media attention. Sometimes companies keep tabs on employees by hiding cameras in lavatories, or tracking company cars using hidden GPS devices. Most often, however, corporate surveillance consists of logging everything employees do on their computers, from instant messaging, to emailing to browsing the web. Such wholesale monitoring is commonplace at firm such as household products maker Procter & Gamble, Bank of America, net giants Yahoo and Google, and healthcare provider Kaiser Permanente. And people are seldom told they are being watched.
Meanwhile, an increasingly mobile workforce is blurring the line between work and private time: log into work computers from home and employers can track what blogs you create, sign into or post to, or what you write on newsgroups, even outside work hours. Suddenly, online private lives are becoming company business.
Kaiser spokesman Matthew Schiffgens thinks workplace internet monitoring by IT departments is fair enough. "If something you're doing [on your work PC] isn't related to work, you shouldn't do it," he says. Yahoo's employee handbook echoes this: "Management, or a designee, may review or monitor email messages and traffic, review records of telephone usage, and inspect the contents of file cabinets, disk drives, desks, offices, etc (even if locked)."
According to Jeremy Gruber, legal director of the National Workrights Institute based in Princeton, New Jersey, US companies can legally watch everything employees do - and only two states require employers to tell workers they are under surveillance. Yet there are laws that prevent employers from listening to employees' personal phone calls made at work. So why no such protection for employees who might send a personal email or check an online auction's status during their lunch break?
"Legislatures are slow to address changes in technologies," Gruber says. "There's simply been no federal response to the problem of computer monitoring."
In this regulatory vacuum, a sizable industry has sprung up to offer software that monitors employees. One leader in the field, Wavecrest Computing of Melbourne, Florida, sells a product called Cyfin that tracks everything employees do online. Clients include oil giant ExxonMobil, UK telecoms firm BT and the US Department of Justice. Wavecrest spokesman Dennis McCabe says Procter & Gamble is also one of its largest customers. "They watch all 100,000 of their employees around the world with our products," McCabe says. Wavecrest's product could also help P&G managers prepare regular reports on what kinds of websites employees are visiting, and can also provide detailed analyses of unproductive workers.
Sandstorm Enterprises of Malden, Massachusetts, markets a sophisticated monitor called Net Intercept that watches all network traffic, not just web usage. However, Sandstorm chief James Van Bokkelen says it's impossible for IT managers to watch everything; instead, they focus on gathering evidence on the few individuals who are already a problem, sometimes resulting in firings. "Employers have their lists of suspects," he says.
Companies use more devious means than just software, though, as Clifton Swigert, a former employee of West Virgina power company Allegheny Electric, knows to his cost. He was fired after anonymously posting some views about the company in a Yahoo discussion forum. "It was the most horrific thing I ever experienced," recalls Swigert. "I had perfect attendance for 13 years at the plant."
Anonymous no more
Swigert had vented his frustration about the company's retirement programme, and admits he "used some poor language" to complain about a diversity workshop. What he said may have offended some, but he wrote it anonymously, used his own computer and wrote long after work hours. The board where he posted was specifically for discussions of Allegheny Electric, and many of the hundreds of comments left by other people were also derogatory and critical.
Nevertheless, Allegheny decided to track down the anonymous poster and sue them. The lawsuit meant Allegheny could subpoena Yahoo and obtain Swigert's real name, but once they had it they dropped the lawsuit and fired him. In a counter-suit filed last year, Swigert's attorneys claimed this action was an abuse of legal process, but there has been no ruling yet.
At issue here is a special kind of US subpoena for "subscriber information" that opens the door for cases like Swigert's. It requires online service providers to supply lawyers with a subscriber's real name and address. The catch is that neither the lawyers nor the service provider are required to notify the subscriber that this information has been revealed. So some may be fired without ever knowing why, says Paul Levy, an attorney with civil liberties group Public Citizen. Others may know why, says Levy, but since they never get representation their cases go unreported.
Of course, another place where companies can track employees' activities outside the office is on blogs, and it is becoming more common for firms to issue a "blog policy" to employees, detailing what dirty washing the company doesn't want aired. Bank of America spokeswoman Lisa Kopp says personal blogs that breach company policy can lead to a person being fired.
Blogging policies have become widespread in the wake of several high-profile cases in Silicon Valley in which bloggers lost their jobs. Among those was Joyce Park, fired by social networking site Friendster two years ago. Park is the author of a popular blog called Troutgirl, which covers everything from high-tech issues to Park's cat. She marvels at the weirdness of the experience. "I was taken to a room, told it was a termination meeting, and told the reason was blogging," she recalls. "I asked what they objected to and they wouldn't tell me. I really just have no idea what I might have said."
"My sacking was the most horrific thing. I had perfect attendance at the plant for 13 years"Another blogger fired around the same time was Mark Jen, who lost his job at Google. He's still not sure what he said, though the company did ask him to take two Google-related posts off his blog shortly before his firing. He took the posts down right away, but apparently that wasn't enough.
Not that Google - which runs the blog engine Blogspot - is against blogging. Karen Wickre, editor of Google's corporate blog, says the firm likes to hire bloggers because it's "nice to know that they can put a couple of sentences together". So does does Google makes a regular habit of reading people's blogs before hiring them? "We're always looking for good people with talent," Wickre says. "I'm not willing to make a blanket statement that blogs don't matter."
Others think blogs are beginning to matter a whole lot. David Nachman of background-screening company HireRight based in Irvine, California, agrees with Wickre that a job-seeker's blog might affect their chances of getting hired. Traditionally, HireRight has only provided criminal record checks and checks on qualifications and experience, but Nachman says interest in online activity is growing. "We don't offer this service yet, but it's absolutely already happening. Employers are going to blogs and social networking sites when hiring."
In effect this means that online monitoring may be starting before employees even sign their contracts. While some will find this shocking, many tech workers express a kind of fatalism. "There are always ways to find out what individuals are doing, and sometimes that results in people getting fired," says IT administrator John Gilbert. "Everywhere I've worked, there's never been any privacy."
From issue 2571 of New Scientist magazine, 30 September 2006, page 30-31
It is one of the biggest corporate scandals of the year: Hewlett-Packard chairman Patricia Dunn allegedly enlisted private investigators to spy on members of the HP board and several journalists to figure out who was leaking boardroom secrets. The investigators are said to have tricked reps at phone company AT&T into handing over the call records of their targets. Dunn has now resigned and California's Attorney General is considering bringing criminal charges.
While HP's top brass has been grabbing headlines, hundreds of corporations are routinely spying on their employees without attracting media attention. Sometimes companies keep tabs on employees by hiding cameras in lavatories, or tracking company cars using hidden GPS devices. Most often, however, corporate surveillance consists of logging everything employees do on their computers, from instant messaging, to emailing to browsing the web. Such wholesale monitoring is commonplace at firm such as household products maker Procter & Gamble, Bank of America, net giants Yahoo and Google, and healthcare provider Kaiser Permanente. And people are seldom told they are being watched.
Meanwhile, an increasingly mobile workforce is blurring the line between work and private time: log into work computers from home and employers can track what blogs you create, sign into or post to, or what you write on newsgroups, even outside work hours. Suddenly, online private lives are becoming company business.
Kaiser spokesman Matthew Schiffgens thinks workplace internet monitoring by IT departments is fair enough. "If something you're doing [on your work PC] isn't related to work, you shouldn't do it," he says. Yahoo's employee handbook echoes this: "Management, or a designee, may review or monitor email messages and traffic, review records of telephone usage, and inspect the contents of file cabinets, disk drives, desks, offices, etc (even if locked)."
According to Jeremy Gruber, legal director of the National Workrights Institute based in Princeton, New Jersey, US companies can legally watch everything employees do - and only two states require employers to tell workers they are under surveillance. Yet there are laws that prevent employers from listening to employees' personal phone calls made at work. So why no such protection for employees who might send a personal email or check an online auction's status during their lunch break?
"Legislatures are slow to address changes in technologies," Gruber says. "There's simply been no federal response to the problem of computer monitoring."
In this regulatory vacuum, a sizable industry has sprung up to offer software that monitors employees. One leader in the field, Wavecrest Computing of Melbourne, Florida, sells a product called Cyfin that tracks everything employees do online. Clients include oil giant ExxonMobil, UK telecoms firm BT and the US Department of Justice. Wavecrest spokesman Dennis McCabe says Procter & Gamble is also one of its largest customers. "They watch all 100,000 of their employees around the world with our products," McCabe says. Wavecrest's product could also help P&G managers prepare regular reports on what kinds of websites employees are visiting, and can also provide detailed analyses of unproductive workers.
Sandstorm Enterprises of Malden, Massachusetts, markets a sophisticated monitor called Net Intercept that watches all network traffic, not just web usage. However, Sandstorm chief James Van Bokkelen says it's impossible for IT managers to watch everything; instead, they focus on gathering evidence on the few individuals who are already a problem, sometimes resulting in firings. "Employers have their lists of suspects," he says.
Companies use more devious means than just software, though, as Clifton Swigert, a former employee of West Virgina power company Allegheny Electric, knows to his cost. He was fired after anonymously posting some views about the company in a Yahoo discussion forum. "It was the most horrific thing I ever experienced," recalls Swigert. "I had perfect attendance for 13 years at the plant."
Anonymous no more
Swigert had vented his frustration about the company's retirement programme, and admits he "used some poor language" to complain about a diversity workshop. What he said may have offended some, but he wrote it anonymously, used his own computer and wrote long after work hours. The board where he posted was specifically for discussions of Allegheny Electric, and many of the hundreds of comments left by other people were also derogatory and critical.
Nevertheless, Allegheny decided to track down the anonymous poster and sue them. The lawsuit meant Allegheny could subpoena Yahoo and obtain Swigert's real name, but once they had it they dropped the lawsuit and fired him. In a counter-suit filed last year, Swigert's attorneys claimed this action was an abuse of legal process, but there has been no ruling yet.
At issue here is a special kind of US subpoena for "subscriber information" that opens the door for cases like Swigert's. It requires online service providers to supply lawyers with a subscriber's real name and address. The catch is that neither the lawyers nor the service provider are required to notify the subscriber that this information has been revealed. So some may be fired without ever knowing why, says Paul Levy, an attorney with civil liberties group Public Citizen. Others may know why, says Levy, but since they never get representation their cases go unreported.
Of course, another place where companies can track employees' activities outside the office is on blogs, and it is becoming more common for firms to issue a "blog policy" to employees, detailing what dirty washing the company doesn't want aired. Bank of America spokeswoman Lisa Kopp says personal blogs that breach company policy can lead to a person being fired.
Blogging policies have become widespread in the wake of several high-profile cases in Silicon Valley in which bloggers lost their jobs. Among those was Joyce Park, fired by social networking site Friendster two years ago. Park is the author of a popular blog called Troutgirl, which covers everything from high-tech issues to Park's cat. She marvels at the weirdness of the experience. "I was taken to a room, told it was a termination meeting, and told the reason was blogging," she recalls. "I asked what they objected to and they wouldn't tell me. I really just have no idea what I might have said."
"My sacking was the most horrific thing. I had perfect attendance at the plant for 13 years"Another blogger fired around the same time was Mark Jen, who lost his job at Google. He's still not sure what he said, though the company did ask him to take two Google-related posts off his blog shortly before his firing. He took the posts down right away, but apparently that wasn't enough.
Not that Google - which runs the blog engine Blogspot - is against blogging. Karen Wickre, editor of Google's corporate blog, says the firm likes to hire bloggers because it's "nice to know that they can put a couple of sentences together". So does does Google makes a regular habit of reading people's blogs before hiring them? "We're always looking for good people with talent," Wickre says. "I'm not willing to make a blanket statement that blogs don't matter."
Others think blogs are beginning to matter a whole lot. David Nachman of background-screening company HireRight based in Irvine, California, agrees with Wickre that a job-seeker's blog might affect their chances of getting hired. Traditionally, HireRight has only provided criminal record checks and checks on qualifications and experience, but Nachman says interest in online activity is growing. "We don't offer this service yet, but it's absolutely already happening. Employers are going to blogs and social networking sites when hiring."
In effect this means that online monitoring may be starting before employees even sign their contracts. While some will find this shocking, many tech workers express a kind of fatalism. "There are always ways to find out what individuals are doing, and sometimes that results in people getting fired," says IT administrator John Gilbert. "Everywhere I've worked, there's never been any privacy."
From issue 2571 of New Scientist magazine, 30 September 2006, page 30-31