Employers cracking down on illicit Web surfing in workplace

By Doug Bedell / Staff Writer of The Dallas Morning News
Published 03-12-2000
Click here for a printer-friendly version of this story

American workers using employers' computers to surf Internet sexsites on company time are learning a tough lesson: The electronic surf may be up, but the waves could be dangerous.

Cyberslacking at sex sites and other entertainment venues is pushing more and more corporations to monitor Net habits. And, with a smattering of state court rulings in their favor, firms have begun firing - and even calling police agencies - when they can document inappropriate or illegal activity on their computer systems.

Depending on who's talking, this growing practice is either a company' s right and duty or a high-tech assault on individual liberties.

"This is the gateway to Big Brother," said Virginia attorney Marvin D. Davis, who represents a Central Intelligence Agency worker who was fired, arrested on the job and convicted and imprisoned for possession of child pornography.

Some of the evidence against Mr. Davis' client was seized from a personal Zip drive storage device that was never attached to the CIA computer system, said Mr. Davis.

For some companies, the biggest problem isn't where their employees surf, but the time they spend at sites. At Xerox-PARC, where 40 workers were fired in October for wasting as much as eight hours a day visiting inappropriate Web sites, monitoring employee Net activities is considered a necessity.

"It's how much time they spent," said Xerox spokesman Bill McKee. "It is the same thing as if you had an employee who disappeared from his desk for four hours. He's not working."

Most of the companies that have disciplined workers for improper on-the-job Web use contend that employees have had ample warnings. At some workplaces, including Xerox, pop-up windows remind employees of policies each time they log on.

Ongoing problems

Still, problems have persisted. At Compaq Computer Corp., 20 employees were fired recently after bosses discovered that the workers had logged more than 10,000 hits apiece on sexually explicit Web sites. A recent Nielsen Media Research survey revealed that IBM, AT&T, Apple, NASA and Hewlett-Packard employees visited the online edition of Penthouse magazine thousands of times a month.

In 1998, a survey of American Management Association members showed the depth of corporate concern over the Internet's arrival in the workplace. It found that 63 percent watched over e-mail, computer files or Internet use. The survey also revealed that 23 percent don' t notify employees of the tactic.

Many companies began the practice after noticing patterns among select users. Ernst & Young reported that some firms have calculated that more than 80 percent of their Internet capacity was being used to access sports, pornography and other nonbusiness Web sites.

"One joker in sales downloaded 30 megabytes of files from a porno site in Sweden, in the middle of peak business," reported a Long Island, N.Y., systems engineer on a security discussion list. "We found out who he was, and his butt was history."

Last year, 45 percent of computer technical managers surveyed by InternetWeek magazine said they had established an Internet use policy specifically to combat inappropriate Web use. About one-fourth said breaches have resulted in terminations.

The American Civil Liberties Union estimates that more than 20 million workers have their e-mail, computer files or voice mail searched by their employers.

By 2001, predicts the Gartner Group, 75 percent of companies with more than 1,000 employees will have Internet use policies and will routinely monitor for compliance.

"With cyberslacking becoming more and more prevalent, managers can no longer pretend a problem doesn't exist," said John Carrington, CEO of Websense, maker of one of more than a dozen monitoring software packages being marketed across the world.

Litigation threat

Employers are not only concerned about lost productivity, but leery of lawsuits filed by co-workers exposed to offensive content on a colleague's screen.

"The idea is that if employees are informed that this technology exists and has been employed in their environment, suddenly a lot of these problems that you were worried about as an employer disappear, " said Doug Fowler, vice president of marketing for Spector, another monitoring software package. "Gambling, seducing a child over the Internet, things like that could place the employer in a certain amount of liability."

The peculiar issues being raised by the Internet's arrival in the workplace will undoubtedly take years to clarify in the courts. There is no federal protection for any activity an employee conducts on a company computer. And most state privacy laws have not yet addressed Internet use, said Dr. Laura Pincus Hartman, who holds the University of Wisconsin-Madison's Grainger Chair in Business Ethics and is an expert in workplace privacy issues.

Only five states require some sort of notification before surveillance can take place, Dr. Hartman said.

Meanwhile, in the overwhelming majority of lawsuits brought by workers fired or disciplined for their Web use, courts have sided firmly with an employer's right to examine everything on a worker' s hard drive or monitor.

The basic test is whether the employee has a reasonable expectation of privacy when he is in the workplace, said Mark S. Dichter, chairman- elect of the American Bar Association's Labor and Employment Law Section and a lawyer with a Philadelphia firm.

Electronic surveillance of restrooms, for example, is generally considered to be an invasion of privacy in most circumstances. But, Mr. Dichter said, when it comes to using the company computer system, judges and juries have concluded that workers have no right to roam the Net at will.

"I think the law has pretty well evolved in terms of the non-expectation of privacy with computers," said Mr. Dichter, who advises corporations on Internet policies and handles their cases. "The one thing that makes this different is the ability companies now have to scan and monitor a lot of information."

That ability has come to the marketplace in software packages with names such as Watchdog, Spector, Websense and WebMarshal.

Each has its own technique for monitoring Web use. Some are simple filters, programmed to deny employee access to known sex sites. Others exclude access based on key words within Web pages.

Monitoring monitors

However, early corporate users of monitoring packages found that the programs needed constant updating as new sites were discovered. In some cases, that breed of software restricted workers from research at sites on breast cancer or AIDS, for example.

WebMarshal lets supervisors schedule open Internet time when employee actions won't be scrutinized.

One of the newest solutions is Spector, which makes snapshots of exactly what's on a computer screen at adjustable intervals.

The snapshots are saved in a file, then called up by supervisors when - and if - they suspect cyberslacking.

Demonstrations of this product show that it allows rapid scrolling through hundreds of time-stamped screen shots in minutes.

"Most people [supervisors] go in and look every couple of days, " said Mr. Fowler of Spector. "It's kind of like rewinding a VCR."

Mr. Fowler said his company's product addresses a key problem with Web monitoring: How do you tell whether an employee stumbled into an inappropriate site accidentally?

"If you get to a sex site accidentally through some e-mail somebody sent you, and you get right out, that's going to show," he said. " If you stay there for two hours, you know it's something different."

A San Diego lawyer recently reported that he obtained a settlement for a client accused in just such a mix-up. Everett L. Bobbitt told The New York Times that he represented a police officer fired after his boss found a file showing a visit to a pornographic site at www.whitehouse.com. But the police officer, whom Mr. Bobbitt would not identify for The Times, insisted that he had meant to type www.whitehouse.gov - the official White House site. He sued for wrongful termination and eventually settled the suit for $100,000, Mr. Bobbitt told The Times.

However, the case of Mr. Davis' CIA client, Mark L. Simons, went in an entirely different direction. Mr. Simons was fired and convicted in 1998 of possessing child pornography.

The case began when a computer network manager using monitoring software found that Mr. Simons' workstation had called up several pornographic Web sites, said Mr. Davis.

Bosses, said Mr. Davis, then entered Mr. Simons' locked office and seized a personal Zip drive and the company hard drive for evidence.

While Mr. Simons did not dispute the facts of the case against him, Mr. Davis argued that the agency's search of his client's computer was unlawful because his employer initially looked at his hard drive without involving the police, who would have had to obtain a search warrant. The U.S. District Court for the Eastern District of Virginia ruled in favor of the employer. In addition, it found the seizure of the Zip drive was proper - even though it had not been connected to the CIA system, Mr. Davis said.

The Zip drive had nothing to do with the office computer, but the court said, " "Of course they can take it,' " said Mr. Davis.

"That's like saying if you bring your briefcase to the office and you violate Internet policy, they get to seize your briefcase. They' ve made that leap. And that's not something a court should do."

Beyond the legal complexities of workplace Web surveillance, social and moral implications must be considered by employers, said Dr. Hartman. Trust can be eroded.

"The demands keep increasing in terms of what employers ask of you," she said. "Searching the Web to find travel deals or a present for your spouse or something may be something you've chosen to do so you can stay longer at the office," Dr. Hartman said. "The employee still needs to be efficient and productive in the workplace. If you are, and you're getting superior reviews, there's no reason you can' t get those reviews and still do some of your personal entertainment."

Heaping restrictions on everyone because of the misdeeds of a few could result in an unsettled, paranoid workforce, Dr. Hartman said. And it may take huge investments in manpower to survey the activities of everyone in a large corporation such as Xerox, which has 92,000 workers worldwide.

Unions and others suspicious of management may worry that Web monitoring can be too easily used by unscrupulous bosses to stifle discussion of valid workplace issues.

"But employers are not looking for reasons to fire employees; they spend a lot of money recruiting and training them," said Mr. Dichter. "Nor do they have the time or interest in being voyeurs."

CHART(S): (The Dallas Morning News) THE NET EFFECT AT WORK.