Be careful. Your boss is watching you

If you have an Internet connection at work, you had better beware of where you do your surfing, and watch what you say in your e-mails.
The Independent Culture
EVER SINCE the first caveman turned to his neighbour and said, "Thag want job?", employees have been taking liberties with company time, whether trading jokes by the water-hole or visiting travel agents on the World Wide Web. But employees may want to think twice before e-mailing that latest dig at the female sex to their friends in accounts.

Increasingly, British businesses are monitoring Internet and e-mail use by staff, responding to a barrage of lawsuits which have been filed against companies in the United States, from libel actions over internal communiques to claims of sexual harassment via e-mail.

Few of us can say we have never updated our CV during office hours, or moaned about our boss to a sympathetic colleague over the company computer network. But the next time you try to e-mail your CV to a rival firm, it may be equivalent to a letter of resignation.

Already, British employers are coming down hard on staff who misuse the company Internet connection. Last year Natwest Markets, the bank's securities wing, fired three employees when its Internet service provider found the company system choked with pornographic images from the Net.

Growing numbers of British businesses are taking the offensive in the battle against employees who go wild on the Web, monitoring and recording their employees' activities in cyberspace. Commercial software packages such as WebSENSE from NetPartners, and the corporate versions of child-protection programs such as Net Nanny Pro and Cyber Patrol Corporate, allow companies to act as a virtual private eye, reconstructing their employees' online sessions and keeping tabs on non-productive staff members.

Employees will usually be informed if monitoring is taking place but most of the time the software works silently in the background, logging visits to web sites and recording e-mails as they are sent and received. Employees who violate company directives - by continually e-mailing friends and relatives or visiting porn sites, for example - can be restricted to sending messages to approved corporate clients or blocked from specific areas of the Web, avoiding the need for more serious disciplinary measures.

Some Internet freedom advocates, however, detect overtones of Big Brother. "Increasingly, employers are taking on the role of moral guardians of their employees," says Chris Ellison of the organisation Internet Freedom. "Companies are concerned that looking at porn, for example, is not an ethical thing for their employees to be doing. There is a real move towards regulating people's moral conduct through the workplace."

Company monitoring of e-mail is a particular cause of concern to Net freedom groups. "Employees should have the right to communicate with each other without the fear that it could be used against them," Ellison says.

Jason Holloway, security products manager at Unipalm, which distributes WebSENSE in Britain and uses the software internally, is quick to defend corporate monitoring. "I'm personally very concerned about the issue of invasion of privacy on the Net," he says. "But I think employers have a right to make sure their staff are using the Net for commercial purposes in company time."

Administrators can configure their monitoring systems to restrict different departments to just the Web sites that are relevant to their work, or to block access to online recruitment services and prevent employees from disclosing sensitive information in e-mails, removing not only the temptation, but the opportunity for online procrastination. But are staff really so unruly in cyberspace that they need to be monitored? The evidence from America would seem to suggest so.

According to recent US studies, as little as 35 per cent of Internet use by employees may be work-related, with porn sites, sports pages and online shopping cited as favourite destinations for corporate Net users. A survey by Penthouse magazine revealed that employees at Apple Computer, AT&T and IBM spent the equivalent of 350 eight-hour workdays visiting the Penthouse Web site in a single month.

The issue of falling productivity appears to be the driving force behind corporate monitoring in Britain. "American companies are more interested in protecting themselves against legal action from employees," Holloway explains. "But in the UK, the mentality is more commercial. A lot of customers recently bought the software specifically to stop time being wasted by people surfing for the latest World Cup news."

The American propensity for legal action may go some way towards explaining the litigation fears of many US companies, but British businesses would do well to learn from the experiences of their American counterparts. In 1995 four female employees sued the American company Chevron Corporation for sexual harassment, after receiving anonymous pornography via company e-mail. The company eventually settled for more than $2m, one of the largest sexual harassment payouts in US history. Shortly afterwards Chevron introduced a company-wide monitoring system for employees' phone calls and e-mail.

In another high-profile case, Citibank found itself on the receiving end of a race discrimination lawsuit from black employees after racist jokes were found in internal e-mails circulated by white managerial staff.

Even if pornography or racist material is only present as files on individual company hard drives, it can be cited as evidence in a sexual harassment or discrimination case. In 1993 Microsoft was sued for sex discrimination by a female employee who was passed over for promotion and discharged from the company. Personal e-mails, in which a supervisor described himself as "President of the Amateur Gynaecology Club", were admitted by the court as evidence of sexual bias.

Corporate monitoring of employees' e-mails and downloaded files may alert companies to staff members who are exposing the company to litigation, but this alone may be insufficient to protect a company from legal action.

"The prudent course of action is for companies to monitor their e-mail and Internet systems, but to do so overtly rather than covertly," says Bill Jones, of Birmingham-based commercial lawyers Ragge and Co, who specialise in computer law. "A formal policy will help companies to show they have taken all reasonable steps to ensure that employees are aware of their legal responsibilities."

Part of the problem, he believes, is that employees often have an inappropriate attitude to e-mail. "Employees tend to see e-mail as a transient form of communication, like a phone call, so they tend to be more casual and informal in their approach," he says. "But company e-mail logs are documents, in a legal sense, and courts can demand that they are disclosed."

The recent spate of legal cases in America should act as a strong warning to staff members who are thinking of sending offensive jokes over company e-mail. Even if offending files have been deleted from the user's terminal, a record often exists on the local network mail server or on the employer's computer back-up system, and a skilled technician may be able to retrieve e-mail from as far back as 10 years ago, to be used as evidence in a lawsuit.

And the perils of electronic mail do not end with ill-considered jokes. In certain situations e-mail messages may be part of the public record and as such can be bound by the same publishing laws that apply to newspapers and the broadcast media. The risk of defamation by e-mail was dramatically illustrated in July last year when Norwich Union reached a £450,000 out-of-court settlement with Western Provident Association after e-mails suggesting that Western Provident was under investigation by the DTI were found circulating at Norwich Union. Under defamation law a company can be regarded as the publisher of any defamatory e-mails written by its staff.

Even if staff are conscientious with e-mails, a digital take on the issue of copyright must be thrown into the equation. When staff load pirated software on to their office work stations, they may be exposing their employer to a new set of legal dangers pertaining to intellectual property. A company can be liable if staff copy, run or distribute unlicensed software on the company computer system, even if they are unaware that copyright has been infringed.

A further cause of headaches for businesses is the tendency for employees to download slow-transferring, data-heavy files at work, rather than via their home Internet connection, reducing the usable bandwidth - and therefore the speed - of data transfer over the company Internet connection. Many companies may prevent all Internet downloads except in specific circumstances where it is necessary for an employee's work. A clear statement in an Internet policy document can prevent a lot of bad feeling between staff and employers over what staff may feel is a harmless activity.

Some aspects of corporate monitoring, however, are more magnanimous towards employees. Downloads from the Web or FTP sites can be infected by computer viruses which can go on to infect an entire company network. If your employer stops you downloading files from strange URLs, they may have your best interests at heart.

Your own company may not yet be monitoring you on the World Wide Web, but with Britain leading Europe in corporate Internet use, it may only be a matter of time. In general the message for employees is clear. Staff can joke all they want by the office coffee machine. The company Internet connection, however, is serious business.