Journalist, editor and producer covering society, business, architecture, tourism, rural regeneration, conservation. I work/have worked for The Guardian, Telegraph, Times, Financial Times, Conde Nast Traveller, Business Life, Business Insider, Reader's Digest, Icon Films and the BBC. I also provide consultancy services to international brands.
Fifty years ago a manager knew when his team clocked on and off. Now employers are using hidden cameras, GPS and RFID tags, keystroke logging and emergent technology to monitor productivity, phone calls, emails, online browsing, instant messaging, blogging, where you go for lunch and what you eat. Well, possibly not what you eat. Yet.
The Law: Or rather the laws. Companies have a legal right to track and protect property – intellectual and otherwise – and monitor the workplace activities of their staff, but there are regulations governing how that information is collected and used specific to different regions and industry sectors, for example Sarbanes-Oxley, the European Data Protection Initiative and Gramm-Leach-Bliley.
Then there are codes of practice. The International Labour Organization (ILO) code of practice on the protection of workers’ personal data includes a set of Fair Information Principles (FIPS). Among them that companies should identify the purposes for which the information is processed at or before the time of collection and only collect information that is pertinent to that purpose; only collect personal information with the knowledge and consent of the individual; not use or disclose personal information for purposes other than those specified; retain it for only as long as necessary, protect it and allow people access to their personal information and the chance to amend any inaccuracies. Now top secret documents can be sent around the world in the time it takes to say ‘oops’ businesses have had to tighten security around online communication.
The Regulation of Investigatory Powers Act (RIPA) passed in 2000, gives powers to the police and other agencies – including company employers – to intercept emails and mobile phone calls and monitor internet use, but has always been contentious, with opponents arguing that it undermines employees’ rights to privacy. Many see it as a contravention of the Data Protection Act and the European Convention on Human Rights (Article 8 being “everyone has the right to respect for his private and family life, his home and his correspondence”). The bottom line is that companies must find a balance, establish an acceptable use policy governing communication and the internet, educate their workforce, explain when, where, how and why monitoring will take place, and enforce the rules.
Where no policy is in place and an employee carries out an illegal activity on a company network – from circulating offensive emails to breaching security, the employer is legally liable. Video Surveillance: You’d think with 4.2 million CCTV cameras catching us an average 300 times a day we’d be used to video surveillance, but this is one area of corporate espionage that both never fails to surprise and annoy.
In the US, 51% of companies use video monitoring to counter theft, violence and sabotage but a further 10% use video to monitor the performance of some job categories, and 6% tape everyone – hence the amount of CCTV office footage on YouTube. Indian call centre workers attracted by the prospect of a job giving them independence, reasonable pay and a social life with young colleagues beyond the prying eyes of close-knit families, are among the world’s most closely-monitored workers. Footage of employees having sex in cubicles, stairwells and car parks has rocked Bangalore. Elsewhere companies have resorted to more clandestine methods to catch out employees, in the US, hiding a camera in an air vent in a washroom at Colgate-Palmolive co., in the UK carrying out covert surveillance of a Scottish Water employee’s home to establish the fact he had been forging his time sheets.
Whether or not video evidence can be used as the basis for disciplinary action depends on whether or not it is deemed to have contravened their right to privacy under the Human Rights Act (in the first case courts decided it did, in the second it didn’t). Intrusive surveillance doesn’t help create a happy working atmosphere. Female staff at Securicor were not pleased to find hidden cameras in the locker room they used for changing. Similarly when nurses taking a well-earned break at the Good Samaritan Hospital in Los Angeles spotting a beam from a clock investigated and discovered a hidden camera (one of 15) the overall mood among staff was described as being one of “suspicion and ill-will” But video surveillance is on the increase and getting more sophisticated with IP-based video systems and intelligent surveillance triggered by variations to normal behavioural patterns, and the market is expected to be worth in excess of $21 billion by 2010.
Network Monitoring: UK companies monitoring employees’ internet use: 65% (Clearswift) (US: 76% – AMA) Aside from loss of productivity, personal use of company internet access can clog up internet bandwidth, increase the risk of downloading malicious mobile code (MMC), and potential legal liability (US-based Citibank was sued for $2m over employees downloading pornography from the internet). “We believe that a substantial amount of employee Internet activity in the workplace is non-work-related, and that a significant portion of non-business-related e-commerce is conducted through an Internet connection at work,” say Websense, a leading monitoring company.
They’re right. In a global survey by NetScout, 76% of network administrators had found employees watching streaming video such as sports, news and music, and 73% said they’ve uncovered the use of Internet radio and streaming audio. 58% with file sharing, downloading and using peer-to-peer applications; and 51% caught their employees playing Doom and online poker. Two companies had found employees watching daycare nanny-cams, one caught an employee hosting pay-for-view movies on the corporate server and a separate survey in the UK uncovered an employee at a manufacturing company who had been spending up to six hours a day on a dating agency site. Monitoring utilizes packet sniffer software to intercept, analyze, and archive all communications on a network, including email, chat sessions, applications and internet browsing, and keystroke logging which records every word that’s typed – even if subsequently deleted. One of the leading vendors, Wavecrest, boasts that Procter & Gamble “watch all 100,000 of their employees around the world with our products”. Omniquad’s Desktop Surveillance flashes an eye up on screen to warn employees wandering off the straight and narrow they are being watched. Like “a policeman behind every desk,” claims the company’s managing director.
Fighting Back: James Pacenza, 58, of New York who was fired by IBM for logging on to an adult chat room at work is suing the company for £2.6 million, is claiming protection under the American with Disabilities Act, said the stress turned him into “a sex addict, and with the development of the internet, an internet addict.” His lawyer says Mr Pacenza did not visit pornographic sites at work, violate any written IBM rules or surf the internet any more or any differently than other workers. IBM has asked a judge to dismiss the case, saying its policy against surfing sexual websites is clear. If the case goes to trial, it could affect how employers regulate non work-related internet use or how internet overuse is treated as a medical condition. [Source: the Times]
Email Monitoring: UK companies estimate nearly 1 in 5 outgoing emails contains content that poses a legal, financial or regulatory risk. In an effort to stop trade secrets, valuable intellectual property and internal memos leaving the building, 38% of UK companies employ staff to check or read outbound email and 61.6% perform regular audits. If you’re thinking that’s okay, you’ll use your Hotmail or Yahoo account, bear in mind over 40% of companies also deploy technology to monitor webmail, and another 25%, according to the Proofpoint report, say they are just about to. Off the shelf monitoring software can be configured to spot words and phrases and raise alerts (‘big engine’ for Renault’s F1 team, ‘chips’ for IBM), and to record all messages – sent and received – for further perusal. Your emails may well be stored. It’s increasingly common for email records to be subpoenaed in corporate litigation cases and employers may be sued, even imprisoned if the company can’t deliver them.
But the biggest headache for companies is monitoring employees’ emails for offensive content. The updated UK Sexual Offences Act includes email harassment. Now senders of emails construed as sexually harassing can be issued with a sexual offences prevention order and put on the national sex offender register. If the emails are sent by an employee at work, their employer will also be liable for prosecution. In the US Chevron had to pay $2.2 million to four female employees who successfully claimed sexual harassment after jokes like ‘’25 reasons why beer is better than women’’ were circulated around the office by email. Companies are also legally liable if email content creates a “hostile work environment”. Morgan Stanley settled for an undisclosed amount when two African American workers filed a $60 million racial discrimination case based on emails containing jokes they considered racist. No surprise then that UK companies are cautious. After a few high profile sackings for circulating porn at Rolls Royce, Barclays, Hewlett Packard, Orange and Royal Sun and Alliance, policies are now more likely to be universally enforced. Aside from the risk of financial penalties, emails can also affect a company’s reputation – as UK law firm, Norton Rose discovered in 2000 with the sexually explicit Claire Swire email, created by two lawyers and forwarded to around 10 million people around the world. Incidentally, 87 percent of UK employees have read a boss’s private email on at least one occasion; 66 per cent of them admitted to doing it all the time. (Indicii Salus 2002)
Phone Monitoring: Companies can automatically monitor call content and breaks between receiving calls. According to the AMA, the number of companies monitoring the amount of time employees spend on the phone and logging called numbers has risen from 9%-51% since 2001. Twenty-two percent record and review calls; 6% have fired employees for misuse. Sophisticated software is used to monitor performance of call centre workers in India from SL% (the percentage of calls handled within a set time); ATT (average talk time) to Idle Time and AWOL time – the time when the worker has stepped away from their desk. “Smart” ID cards and &GPS: US companies using GPS to monitor cell phones: 5%; using GPS to track company vehicles: 8%; using GSP to monitor employee ID/Smartcards: 8% Developed by the Department of Defense, GPS technology is now used to keep tabs on the enemy within: workers. Employers can localize and view in real time the positions of all corporate vehicles, their speed, direction, see when they stop and how often the fuel cap’s been removed. Applications built into mobile phones have also turned them into tracking devices.
Nokia monitor the movements of their own security guards by analyzing data received via Radio Frequency Identification (RFID) tags in their Nokia phones. Obviously RFID tags are marvelous things. Tracking merchandise by embedding them in packaging makes some sense, as does tracking US firefighters inside burning buildings (and monitoring their temperature and breathing) and Swedish miners 100 metres underground by embedding tags in uniforms. Implanting RFID chips in American hospital patients to track them through the medical system, and issuing UK university students with smart cards to monitor access and attendance, makes sense but jumps a line. According to the Electronic Privacy Information Center: “by using location tracking, an employer can even monitor whether employees spend enough time in front of the bathroom sink to wash their hands.
New employee ID cards can even determine the direction the worker is facing at any given time.” The large number of people working at least part of the time from home presents a corporate security challenge. Although – at least – vehicles, phones, laptops and (now Hitachi have invented RFID chips in powder form that can be embedded in paper) dossiers can be tracked.
Bloggers: UK companies that have disciplined an employee for violating blog policies in the past 12 months: 20.5% (3.6% resulting in dismissal) UK companies monitoring Instant Messaging traffic: 29.5% (30.4% said they will within 12 months) Following a YouGov survey that revealed 42% of 18-29 year old employees have discussed work-related issues on social media websites, and 59% think it is okay to access them from their work computer, security vendor Clearswift recommends companies introduce or tighten up security policies regarding access to Web 2.0 applications. There have been high profile sackings from major corporations, though, interestingly, not usually as a result of corporate espionage, but insulting the boss. Mark Jen was fired from Google in 2005, eleven days after he joining the company and recording his impressions – good and bad – of his employer; Joe Gordon was fired from Waterstone’s for his Woolamaloo Gazette blog in he cryptically mentioned “Bastardstone’s” and an “Evil Boss”, and Clifton Swigert, a former employee of West Virgina power company Allegheny Electric, was fired after posting his thoughts on the company retirement programme in a Yahoo discussion forum, despite the fact it was done anonymously and in his own time (Yahoo was subpoenaed to hand over subscriber details). Essential Corporate Tools: Business at Spycatcher of Knightsbridge says Lee Marks, “has been on a different stratosphere this last year.”
Demand, particularly from corporate customers, has shot up, technology has made anything possible. “Now with CCTV you have unlimited range. You can dial up your email address from Australia and see what’s going on in your UK office.” Also flying off the shelves are bug detectors and the new GSM listening devices – cell telephones built into picture frames, pot pourri pots, clocks, plug adaptors. “Dial in from anywhere and a microphone will discreetly open picking up conversations within 10-20 metres” says Marks. “The beauty of it is that these are totally legal to buy and sell and use in the EU, as long as you don’t break into a property or use information that’s not in the public domain for personal gain.”
Employees keen for office privacy might use the White Noise Generator which generates an unfilterable sound effective against microphone based listening devices coupled with US military camouflage face paint, while must-haves for the modern employer includes the baseball cap with hidden camera, book with a miniature microphone and camera inserted into the spine (‘leave it lying around and no-one would ever spot its real purpose’) or perhaps the transmitting pen camera which is activated with a twist of the lid (‘used with a pocket sized digital video recorder this unit is ideal for recording meetings’)
SORREL DOWNER / BUSINESS LIFE