October 25, 2004 4:00 AM PDT

Mind those IMs--your cubicle's walls have eyes

Big Brother is watching you at work, and making a pretty penny doing it.

As more and more companies install monitoring software to track employee activities--threatening to turn cubicles into no-privacy zones--businesses that offer workplace surveillance tools are enjoying a boomlet.

Security cameras and phone monitoring have long given bosses a view into workers' daily habits. But now employers are going further than ever, thanks to technology that can capture e-mail and instant messaging conversations, or record a worker's every keystroke.

News.context

What's new:
Surveillance of e-mail and IMs is on the rise, due to regulations such as the Sarbanes-Oxley Act and the growing use of e-communications as evidence in lawsuits.

Bottom line:
Workers may not like it, but companies that make snooping software don't mind--the workplace surveillance industry is enjoying a boomlet.


Websense, a maker of Internet monitoring tools, has seen its stock price nearly double in the last year, though it saw some gains erased late last week. The company is scheduled to report third-quarter 2004 results on Tuesday. Other top players in the market include SurfControl and Secure Computing.

"I think all these companies are seeing great demand," said Katherine Egbert, an analyst with Jefferies & Co. "Lately, regulatory compliance issues, and deadlines for meeting those regulations, have been driving sales."

The regulatory factors include financial reporting rules under the Sarbanes-Oxley Act and health care privacy mandates set forth in the Health Insurance Portability and Accountability Act, also known as HIPAA.

Liability concerns regarding employee e-mails and IMs are also on the rise, as lawyers increasingly turn to computer records as evidence in sexual harassment suits and other legal actions involving the workplace. Even tech luminaries, such as Microsoft Chairman Bill Gates, have used corporate networks to send e-mail that proved embarrassing in court.

"Productivity is a concern; loss of confidential information is still a concern; security breaches are a concern. But...the No. 1 concern is liability. Employers are afraid of being sued," said Nancy Flynn, executive director of the ePolicy Institute, which, together with the American Management Association (AMA), recently published a survey on e-mail and IM surveillance in the workplace.

"In almost every workplace lawsuit being filed today, e-mail is being subpoenaed as evidence," Flynn said. "IM will soon be subpoenaed on a regular basis as well."

Aiming at IM
According to the ePolicy-AMA survey, 60 percent of U.S. companies now use software to monitor incoming and outgoing external e-mail, while 27 percent of employers use software to track internal e-mail between employees. By contrast, employers have been relatively slow to monitor instant messaging, with just 10 percent of companies surveyed indicating they have taken steps to listen in on desktop chat.

"Employers think IM is an emerging technology and they don't have to monitor it yet," Flynn said. "But if they have employees in their 20s, chances are (those employees) probably have been using IM since high school and view it as old technology. And if a company doesn't provide enterprise IM, (workers will) probably go out on the Internet and download a free version."

IM giants America Online and Yahoo launched plans two years ago to offer corporate versions of their IM products, promising better security, along with regulatory compliance features not found in their free versions. Both have since scaled back those plans, but other companies have stepped in to fill the void, including industry titans such as Sun Microsystems and IBM, which are embedding their own IM products into their existing applications, and smaller companies such as IMLogic, FaceTime Communications and Akonix.

"Industry estimates say that by the end of 2005, IM in the workplace will surpass e-mail in the workplace," Flynn said. "IM is coming on fast, and given that, employers need to take the necessary steps now with their policies and monitoring software."

Monitoring software downloads is a top issue as well, industry observers and legal experts say.

In 2002, an Arizona company paid $1 million to settle a lawsuit with the recording industry that charged copyright violations involving MP3s stored on the company's computer systems. Since then, many corporations have adopted policies banning file-swapping software in the office and installed network traffic management software to track down potential violators.

Despite hot prospects, the industry has not seen a flood of new players. Instead, it has seen a rise in consolidation, particularly this year, Jefferies analyst Egbert said. Among recent deals, Blue Coat purchased Cerberian, CyberGuard acquired Webwasher, and Internet Security Systems bought Cobion.

Websense, for one, has seen its revenue and earnings soar. Sales went from $19.5 million in the second quarter of 2003 to $26.6 million in 2004. Net income for the same period jumped from 19 cents a share to 25 cents. Analysts expect the company will generate 25 percent annual growth over the next three years.

Customers such as PepsiCo and Ford Motor use Websense software to track and report employee Internet usage, block access to some Web pages, and set temporary access windows that limit the times some sites are available.

Expectations for the company have cooled recently. JPMorgan, which served as an underwriter for Websense's IPO, downgraded the stock from "Overweight" to "Neutral" on Friday. Websense shares fell 12 percent for the day, closing at $39.70.

"We believe upside potential in September is not as great as in June, and that December will be even tougher," Sterling Autry, JPMorgan analyst, said in a research note. "With the growth rate in seats up for renewal slowing, it places even more emphasis on gaining new customers...but the number of new seats bought by each new customer declines."

And justice for all
Despite its fast growth, the industry faces some gray areas, particularly regarding the legal nuances surrounding privacy of communications.

Courts have generally found that employers have the right to monitor equipment that they own on their premises, including telephones and computer systems. Nevertheless, laws surrounding the monitoring of employees' electronic communications are not as cut-and-dried as they appear, legal experts say.

"The federal Wiretap Act says it's unlawful to intercept electronic communications like e-mail and IM. The law, on the face of it, looks like it's illegal. But the courts have ruled that viewing stored e-mail is not considered a violation of the wiretap laws," said attorney Philip Gordon, chairman of the privacy practice group for law firm Littler Mendelson.

In one U.S. Court of Appeals case, the court further detailed how it is only considered a violation of the Wiretap Act if an e-mail is intercepted while it is traveling through the network pipe and is between two points. If, as in this particular case, an e-mail is simultaneously copied before it reaches its destination, that e-mail is considered "stored" during the copying process.

Meanwhile, the Stored Communications Act prohibits unauthorized access to stored communication, such as e-mail or IM, residing in servers. But the law allows Internet service providers or employers to access information that is on their network servers, because they are considered the system administrator.

However, if an employee has a personal e-mail account, through AOL or Yahoo, for example, and uses his or her company computer to access it, the employer cannot use the employee's computer and password to gain access.

"This happens more frequently than anyone is aware of," Gordon said.

Privacy and legal experts advise companies to set aside time and formulate policies regarding e-mail, instant messaging and downloads. They note that it's better to take preventative measures to halt the problem before it happens, rather than deal with matters after the fact, such as seeing confidential information released.

"Employers should tell employees what they're doing," said John Soma, a law professor and executive director of the Privacy Foundation. "They need to provide meaningful information as to why they have a monitoring policy and ask the employee for actual consent."

6 comments

What about Webmessenger?
Can they detect Microsoft's web based messenger? (webmessenger.msn.com)
Posted by slecalvez (225 comments )
Just use an encrypted proxy service
The more companies spy on their employees, the more the products that allow me to "get away" with work-time Internet use will advance. I'm sitting here chatting and surfing away at work with all of my traffic encrypted and routed through a proxy somewhere in Europe.

This thing not only punches through the corporate firewall (getting around the censorware they have installed), it encrypts the traffic so that they can't see the sites I browse or my chat conversations. I suppose I have to limit my bandwidth a bit or else one of the trolls who keeps the network running will get suspicious and drag me back to his cave in the basement.

There are tons of these products. I'm using the MetroPipe tunneler (www.metropipe.net).

The Internet feels more like a part of my brain each passing day. Damned if I'm going to be lobotomized at work.
Posted by (1 comment )
not only are you lazy and not doing your job
but i would suspect that the products you are using are grounds for your firing as well as are probably not working as well as you hope...

play around on someone else's time eh
Posted by volterwd (466 comments )
Just fire the morons who goof off.
Just fire the morons who goof off.
Posted by lingsun (482 comments )
As one of the aforementioned trolls...
I would gladly drag Mr. Wagnall's goldbricking ass past the cave and right out the door, pointing him right in the direction of the unemployment line.

In reality, the only kind of "lobotomy" suffered by slack-***** such as Mr. Wagnall is self-inflicted.

I have never ceased to be amazed at the stupidity of people who regard the equipment they use at work to be their own property, and as such, feel it is their right to dictate what they can and cannot do with said equipment.

And now, that same hubris is being extended to Internet services.

I'd venture to say that if folks such as Mr. Wagnall showed half as much initiative in performing the duties for which they are being paid a wage, they would not only have little to no time left for goofing off, they'd be so much more mentally engaged that they wouldn't care.

But, I suppose that would require one to actually give half a damn about giving a day's work for a day's wage, a concept very nearly extinct in today's workforce.
Posted by ManInBlack (2 comments )
I am so sick of people popping their heads over to speak with me.
I am going to order a book case that blocks anyone's view.
Grab yourself...... man yourself up. But for the love of god if you want to speak walk up to me to the open end to which I use to go and sit down!
Next person who does this will be told what to do.
Posted by inachu1 (1399 comments )
 
