Web browsers, portals and a multitude of hyperlinks take us to many wonderful Web locations where we can buy goods or find information. Email is now considered an essential business and social tool, not far behind the telephone in importance to the avera ge person while at home and work. It is safe to say that in this day the average American has the ability to access and share information and various resources to a degree unparalleled with anytime in the past. What's not as easily seen is that access t o the Internet and the World Wide Web comes at a price. As we move through the Web our presence can be recorded; the details of what we say divulged. Our online preferences are analyzed; the hard drives of our computers looked over. What's more, all of this can be done without our knowledge. A respectful workplace and home privacy policy is needed. As this paper is going to publication, the Bush administration is issuing a long awaited set of guidelines for protection against terrorist threats in cybe rspace detailed further down.
The problem in the workplace
Electronic privacy in the work place is fraught with numerous issues. Increasingly employers are implementing software programs that monitor every facet of an employee's action as they work on their computer and especially tracking what they send, re
ceive and see online.
From the employer's perspective there are at least three major concerns that prompt monitoring of employees (9):
- Concern for potential misuse of electronic media, such as for sexual or customer harassment, that could lead to legal problems for the employer
- Concern for security as it applies to bringing malicious code into systems via Email and Web interactions
- Concern with the abuse of Web and Email use by employees, resulting in lost employee productivity, as well as the clogging of the organization's Internet connections with unnecessary bandwidth use due to large, non-business-related downloads.
When it comes to workplace monitoring, the employer's perspective seems to be that if an employee is not doing something wrong, then why should they worry about being monitored? Of course, the issue is not that simple. While employees may not be able to p
rovide many reasons for their discomfort with monitoring beyond a vague notion of it violating their privacy, a good argument can be made that oversight places employees in a position where they've lost control over some aspect of their life, specifically
with how their life is viewed by someone else. Central to employee discomfort is the view that monitoring provides snapshots, from which judgments are made about people that can affect how they are perceived. With monitoring they have no control over the
se perceptions (1).
With no ability to affect the perceptions that managers form of their employees, the employees may lose control over their sense of self-worth. Booker T. Washington once said, "Few things can help an individual more than to place responsibility on him, an d to let him know that you trust him." We go in the opposite direction of this concept when we tell employees, that their every move on the computer keyboard, all of their Email, and any Web site they are visiting will be monitored, analyzed and evaluated as deemed appropriate. How did we get to this, why is it happening, and should this be how we do business?
Online Privacy on the Job
We've come a long way in terms of how much privacy we actually do have at work. As mentioned previously, employees historically had few legal rights in the workplace. In the height of the Industrial Revolution, they lived in company housing, bought
nearly everything at the company store, worshipped at the company church and sent their children to the company school. George Pullman, for example, created just such an environment in Pullman, Illinois in 1880. Pullman, in addition to effectively ownin
g the town, employed a group of inspectors who enforced rigid codes of conduct by fining citizens of Pullman who misbehaved. Things ran fairly well, at least by Mr. Pullman's view of things, until 1898 when the Illinois Supreme Court ruled that you can "o
wn" a company, but not a town (2). In Pullman's day, debates over privacy were largely nonexistent. You simply took it for granted that you didn't have any privacy and this was especially the case if keeping your job depended on giving up what little pri
vacy you did have, as Mr. Pullman all too well knew. While the level of invasiveness that existed at the end of the nineteenth century isn't with us now, there are still many areas where employers have deemed it appropriate to invade what many of us would
consider to be personal and private.
Three different legal examples can frame where we stand with regard to workplace privacy and specific considerations associated with electronic forms of communications in the past 15 years.
First is a court case, O' Connor v. Ortega (3). In 1987, the U.S. Supreme Court upheld a supervisor's search of a government employee's office, desk, and files in a public-sector work place. The court stated that an employee had an expectation
of privacy in these areas, but that this expectation was outweighed by a search that was "reasonable under all circumstances" (4). O'Connor v. Ortega made clear that the court is willing to give employers great latitude when it comes to establishing the b
oundaries of an employee's privacy in the workplace. This case establishes that the courts do not view the business environment as offering employees the same protection for privacy as they expect in their home, or even on the street for that matter. The
provision of a search in the workplace being "reasonable in all circumstances" provides a workplace supervisor the latitude to search employees beyond that enjoyed by the police in a search of someone's home or vehicle.
The Next issue is inherent in the Electronic Communication Privacy Act of 1986 (ECPA). The ECPA amended Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (the Wire Tap Statute), which was designed to protect communications from gover nment surveillance. The law also regulated private individuals and businesses. The ECPA amended the Wire Tap Statute to encompass transmissions of electronic data by computer and the law prohibits both the interception of electronic communications and ac cess to stored electronic communications. Some commentators argue that this new law gives employees of private entities a right to privacy in their e-mail; however, there is support for the proposition that employers who own the computer system used by t heir employees have the right to monitor employees' e-mail. (5) An important consideration surrounding ECPA restrictions on employee monitoring centers on what is termed the "business exception". The legal argument behind the "business exception" falls on the premise that a business is allowed to protect itself from e mployee misuse of electronic communications by monitoring employee use of electronic systems. For the "business exception" to apply, an employer's reason for monitoring would need to be credible and not excessive. In such circumstances the employer would need to show that the monitoring of employee communications is necessary to prevent misconduct in the work environment, needed to assure the quality of communications with customers, or that the recordings are to be used for the training of new employees (6).
In August of 1992, Alana Shoars brought a class action suit against Epson America, Inc. (Flanagan et al. v. Epson Am., Inc.) for invasion of privacy (7). In this case Epson, unbeknownst to its employees, was routinely monitoring employee Email. Shoars, th e Email administrator for the company, discovered the practice, confronted management about the issue, and was subsequently fired. Ms. Shoars' suit was specifically for invasion of privacy under the California state constitution and statutes. Both the issue of company ownership of the Email system in question, a consideration that brought this matter under the umbrella of O'Connor v. Ortega, and the "business exception" in the ECPA, weighed against Ms. Shoars. It was determined that the ECPA a pplies if the business providing Email access is an Internet service provider, but this was not the case with Epson. In addition, there was no California law that addressed the issue of electronic privacy in 1992. Ms. Shoars, and those with her in the cas e, lost the class action suit. In the final consideration we find that O'Connor v. Ortega is used to justify an entirely new level of legal invasiveness when the legal system, itself, pushes the boundaries of what is or is not private. Employers are increasingly justifying employee mo nitoring from the perspective of preventing lawsuits. The number one reason for employer monitoring of any form of employee electronic communications (i.e., Email or Web searching), is the fear of lawsuits. U.S. News & World Report recently found that, "C ompanies state that they need to protect themselves against lawsuits, and use surveillance software and other tools that allow them to see what their employees are doing. Such software packages are becoming much less expensive and easier to use" (8).
What is the Best Path?
A number of ethical questions arise:
- Is the increase in monitoring simply a case of concern for legal penalties if such monitoring is not conducted? The Privacy Foundation's position is that while there seems to be some grounds for such concern, what tends to drive the use of monitorin
g software is more its availability and decreasing price, i.e., it's not that it's needed but that it's easy to do cheaply (15).
- From an organizational perspective there's the question of whether the benefits outweigh the related risks. Yes, businesses monitoring employees are more likely to catch the occasional sexual harasser, bandwidth hog or the stray Web crawler, but are the
se limited situations worth the resulting effect on morale and the feeling of hostility towards management?
- If monitoring is to occur, to what extent should the employee be notified? This is actually related to the last question. If the focus of the surveillance system is to prevent vice (and to catch an employee in the course of doing something wrong), then
it seems reasonable that employees be given sufficient warning that they're being monitored. In fact, most employers provide cursory warnings, often included somewhere in employee handbooks. Employees frequently overlook these warnings and, when pointed o
ut, come as a surprise to them.
Conclusion
Employers have a legitimate concern regarding the proper use of electronic communications resources. Such concerns appear to be easily resolved by the use of inexpensive software packages that allow for the routine monitoring of all employees. While t
he initial implementation of such monitoring may well be inexpensive, the possible long-term costs may outweigh the potential benefits. This is especially true when it is understood that most of the problems allegedly solved by monitoring can be solved w
ith existing software programs (rather than monitoring programs) or by consistent enforcement of organization policies that address issues of primary concern to employers, such as sexual harassment. Policies that emphasize trust in employees and foster a
positive work environment are far more likely to encourage the type of loyalty and commitment that companies desire from their employers. Such qualities, unlike software, cannot be bought.
One could also add a possible counter theoretical point that a network-connected computer can make all kinds of connections without the user being aware. We tend to act as if the only sites to which our computer will connect are the ones that we choose by
typing in a URL or pressing the SEND button on a mail program. But software can make connections without our even knowing. That's the same principle that underlies Melissa-style viruses.
REFERENCES