Employee privacy is collateral damage

I have a friend who works for a large company, and he’s quite a jokester. He loves to send off-color jokes to his closest friends. I recently cautioned him about doing this from work, telling him he could get himself in trouble with his employer. He said, “Don’t worry, I only send these jokes to a few people who really know me. They know I’m only kidding around.”

Uh, oh, I thought. He doesn’t know. He’s not aware that every digital action he takes at work probably is monitored and logged. He doesn’t realize his jokes and his complaints and ranting about co-workers live forever in an e-mail archive. He doesn’t know his personal conversation on the company’s phone system can be reconstructed and listened to verbatim six months from now. He isn’t aware his company knows about every Web site he visits on a given workday, and how he spends his time online.

Talking to my friend made me realize that average office workers are unaware of the extent to which they can be monitored at work — even if there is no suspicion of aberrant behavior.

That’s not to say that companies snoop on employees because employees can’t be trusted to use their time and company-owned resources properly. In fact, this is rarely the case. Rather, employee privacy is more like collateral damage in the effort to wring out wasteful operational costs and to improve the security and efficiency of expensive IT systems. It’s usually only in extreme cases when an employee is suspected of wrongdoing that the digital monitors are purposely pointed directly at him.

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

I have a friend who works for a large company, and he’s quite a jokester. He loves to send off-color jokes to his closest friends. I recently cautioned him about doing this from work, telling him he could get himself in trouble with his employer. He said, “Don’t worry, I only send these jokes to a few people who really know me. They know I’m only kidding around.”

Uh, oh, I thought. He doesn’t know. He’s not aware that every digital action he takes at work probably is monitored and logged. He doesn’t realize his jokes and his complaints and ranting about co-workers live forever in an e-mail archive. He doesn’t know his personal conversation on the company’s phone system can be reconstructed and listened to verbatim six months from now. He isn’t aware his company knows about every Web site he visits on a given workday, and how he spends his time online.

Talking to my friend made me realize that average office workers are unaware of the extent to which they can be monitored at work — even if there is no suspicion of aberrant behavior.

That’s not to say that companies snoop on employees because employees can’t be trusted to use their time and company-owned resources properly. In fact, this is rarely the case. Rather, employee privacy is more like collateral damage in the effort to wring out wasteful operational costs and to improve the security and efficiency of expensive IT systems. It’s usually only in extreme cases when an employee is suspected of wrongdoing that the digital monitors are purposely pointed directly at him.

Workers might view digital monitoring as the rogue actions of an Evil Empire, but it’s really just good IT operations.

I explained to my friend that large companies’ IT departments use tools that, by default, reveal much more than often is needed to manage their IT systems. Office workers should keep this in mind and act accordingly, knowing full well that others can “see” what they are doing.

For instance, a company deploys a secure Web-gateway appliance to block harmful Web sites that might plant viruses or spyware on desktop workstations. The appliance also does content-filtering to prevent users from being exposed to offensive materials, such as pornography. Most employees would agree these are worthwhile pursuits. What they don’t realize, however, is that administrators and managers can use such tools to track every Web site and page visited by every computer user on the network. This is no big deal, unless you are the guy who spends an hour a day on your Fantasy Football site. Would you want your boss to know that’s how you spend your time in the office?

Or, consider what can be done with a VoIP analyzer. Technicians use such a tool to listen to recorded conversations to determine the quality of calls. Is there packet loss or network jitter that leads to broken dialogue? Certainly problems like these need to be rooted out and resolved. Too bad if the monitor happens to play back a call in which an employee is “privately” whispering sweet nothings to her hot boyfriend across town. Oops!