Is Big Brother spying on you in the office?

In “The Naked Employee,” Frederick Lane explains the advances in workplace monitoring, and offers e-mail, web surfing tips. Read an excerpt.
Source: TODAY

Your computer at work is almost certainly an open book to your boss, with every keystroke you type and web page you view easily recorded and quietly checked, with or without your permission or knowledge. What can you do about it? Frederick Lane, author of “The Naked Employee: How Technology Is Compromising Workplace Privacy,” explains what employees need to know. Here's an excerpt:

The Privacy of E-Mail
Since the widespread adoption of the Internet by the general public, electronic correspondence has grown to staggering levels: The research firm The Gartner Group estimated that in 2001, more than 5.5 trillion e-mails were sent worldwide, or roughly 15 billion messages per day. The research analyst group International Data Corporation predicts that by 2006, the daily e-mail count will quadruple, to something in the range of 60 billion messages. By contrast, the U.S. Postal Service handled roughly 200 billion pieces of mail for all of 2001.10

E-mail is rapidly becoming the predominant form of business communication. The advantages are self-evident: speed, convenience, low cost, ease of use, the elimination of phone tag, and so forth. But e-mail is, to put it mildly, a double-edged sword: Indiscreet workplace e-mail writers are, to borrow a cliché, the road kill of the information superhighway. Hardly a week goes by without new stories of employees who have been fired as a result of management disapproval of their workplace correspondence. According to the American Management Association's most recent annual workplace survey, roughly one-half of all employers in this country periodically review their employees' e-mails, and one-third of all businesses have fired someone for inappropriate use of company e-mail or improper Web surfing.

To understand the role that e-mail is playing in employment and the ease with which it can be monitored, it's useful to take a closer look at this incredibly popular form of communication.

Searching Electronic Mail
Much of the misconception regarding e-mail privacy stems from the way it mirrors the characteristics of other types of communication: It's a written communication, which implies the privacy of first-class mail, and it's person-to-person and virtually instantaneous, which suggests the privacy of a telephone conversation. Unfortunately, e-mail lacks the privacy protection given to either form of communication.

To begin with, the mere fact that an e-mail is a written communication from one person to another person (or a group of people) accords it no particular protection. Only letters that are sealed, stamped, and deposited in a U.S. Postal Service mailbox are entitled to the privacy protection offered by federal law. Since e-mail doesn't remotely conform to postal regulations, it has roughly the same privacy protection enjoyed by postcards, and no one would rationally consider a postcard sent through the mails to be a private document. But when it is mailed in a sealed envelope, even the raunchiest "You're Turning Forty" birthday card has more legal protection than the most sensitive or profound e-mail.

Telephone calls also offer employees greater privacy protection than e-mails. The Electronic Communications Privacy Act (ECPA), which Congress adopted in 1986, divides electronic communications into two categories: stored communications and communications in transit. Electronic communications that are in transit are entitled to roughly the same protection accorded voice communication — that is, an employer cannot intercept them or record them (subject to certain exceptions). But unlike voice communication, which is almost always live, e-mail is almost always stored in one fashion or another.11 As long as an employer is searching a stored collection of e-mail, it can poke and pry at will.

The potential storage sites for your e-mails are myriad. Every e-mail program contains an option to copy the messages you send to a "sent" folder on your computer, and most computer users either purposely choose to have their messages saved or are oblivious to the fact that the program is doing so automatically. As we've seen, assuming that you've been given notice of the possibility of searching, your company can search the files on your computer at its discretion, and that includes the contents of your "sent" folder, your inbox, your "draft" folder, and anything else that it thinks might be interesting.

Even if you don't save copies of your e-mail on your computer, the normal operation of a corporate network creates other storage opportunities. When you click "send" on your office network computer, for instance, your e-mail program typically forwards your e-mail to the network mail server, which breaks the message into packets and sends them over the Internet toward their destination. For the purposes of the Electronic Communications Privacy Act, the e-mail's arrival at the network mail server is the equivalent of an airport layover. Even if the retransmission of your e-mail is virtually instantaneous, its brief stop in the network mail server constitutes "storage" for the purposes of employer investigation and review.

In some workplaces, incoming and outgoing employee e-mail is stored on a mail server, which the company copies each evening onto another hard drive or backup tape. Tape archives are typically kept for a finite period of time (usually thirty days or so), but it's not uncommon for e-mails that are months or even years old to be retrieved from archives. How long a particular company maintains its electronic archives depends on its own retention policy; companies need to balance a number of competing concerns including data integrity and protection, the ability to review the electronic behavior of their employees, and the legal exposure they risk by having months and months of electronic materials on file.12

E-Mail Firings and Other Tales of Electronic Woe
Undoubtedly, Michael Smyth never intended to carve himself out a permanent place in the battle over workplace privacy rights. Nonetheless, his name is inextricably linked with one of the first federal court decisions regarding the privacy of e-mail. In October 1994, Smyth, a regional operations manager for the Pillsbury Company in Philadelphia, received some e-mails from his supervisor on his home computer. The e-mails originated on an internal e-mail system set up and maintained by Pillsbury, and Smyth's responses traveled across the same system on their way back to his supervisor.

During this e-mail exchange, Smyth ridiculed Pillsbury's sales management, threatened to "kill the back-stabbing bastards," and referred to a holiday party at Pillsbury as a "Jim Jones Kool-Aid affair." A company executive who reportedly saw a copy of that message in an office printer undertook a thorough review of all of Smyth's e-mails, and on February 1, 1995, Smyth was fired by Pillsbury "for transmitting what it deemed to be inappropriate and unprofessional comments over defendant's e-mail system." Smyth sued to regain his job, arguing that Pillsbury had explicitly promised that all e-mails would remain privileged and confidential. In fact, the District Court found that Pillsbury had also promised that e-mails "could not be intercepted and used by defendant against its employees as grounds for termination or reprimand."

The court agreed that Pillsbury had broken its promise to Smyth, but held that he had no claim against the company nonetheless.13 Its language starkly underscores the limited privacy rights that employees have in their e-mail messages:

... unlike urinalysis and personal property searches, we do not find a reasonable expectation of privacy in e-mail communications voluntarily made by an employee to his supervisor over the company e-mail system notwithstanding any assurances that such communications would not be intercepted by management. Once plaintiff communicated the alleged unprofessional comments to a second person (his supervisor) over an e-mail system which was apparently utilized by the entire company, any reasonable expectation of privacy was lost ... even if we found that an employee had a reasonable expectation of privacy in the contents of his e-mail communications ... we do not find that a reasonable person would consider the defendant's interception of these communications to be a substantial and highly offensive invasion of his privacy ... by intercepting such communications, the company is not ... requiring the employee to disclose any personal information about himself or invading the employee's person or personal effects. Moreover, the company's interest in preventing inappropriate and unprofessional comments or even illegal activity over its e-mail system outweighs any privacy interest the employee may have in those comments.

Far more than the telephone, e-mail underscores the tension between an employee's work and his personal life. While most employees would agree that it would not be appropriate to spend large amounts of time making personal phone calls in the office, it's more difficult to see the harm in dashing off a few quick e-mails to family and friends. From the employer's perspective, however, personal e-mails are more problematic than personal telephone calls: The time required to send even a "quick" e-mail adds up over the course of the day, and even more distressingly, an inappropriate e-mail can later play a starring role in litigation against the company.

It was precisely those types of concerns that have led hundreds, if not thousands, of companies to fire employees for improper use of e-mail. Here are just a few examples, drawn from mid-1999 to late 2000:

In Michigan, Dow Chemical fired twenty-nine employees and suspended forty-two others for sending pornographic or "violent" images over the company e-mail system.

After a review of its employee e-mail archives, The New York Times fired twenty-three workers for distributing pornography and dirty jokes by e-mail. Xerox fired twenty-two people from its Virginia office for sending offensive e-mails. The St. Louis brokerage Edward Jones & Co. fired eighteen employees and warned forty-one others about sending pornography across the company e-mail system.

By now, employers can rely with confidence on the long line of court decisions that have resolved the tension between the company's property and employee privacy interests in favor of businesses. Whatever common law interests in privacy you may think you have in your electronic communications are superseded by the fact that your employer owns and operates the system over which the e-mail travels.

The Privacy of Web Surfing
At the end of each business trip or family vacation, when you've lugged your weary self home, the first cold dash of reality is unpacking. Out from the luggage come the travel-worn clothes, souvenirs, unsent postcards, flight-surviving paperbacks, purloined toiletries, amusement park stubs, credit card receipts, local coinage, and tourist maps. This motley collection of stuff offers a good idea of where you went, the food you ate, and what you did while you were away.

Each time that you travel the World Wide Web, you bring back precisely the same type of post-travel tidbits, albeit in electronic form. It's a little more difficult to view the remnants of your Web journeys; the trade-off, however, is that the record of the journey maintained by your computer is far more detailed than anything that comes out of your suitcase.

The Lure of Office Web Surfing
The popularity of Web surfing in the office can be traced to one main factor: Even today, the Internet connections in most offices are far faster than the connections that most employees have at home. That helps to explain why graphics-intensive sites like sports news, stock trading, and pornography see strong surges in activity beginning at 9:00 a.m. East Coast Time.

As we saw in Chapter 1, Web surfing by employees raises two main concerns for employers: productivity and liability due to the dissemination of inappropriate materials. Without adequate discipline, the World Wide Web can be a tremendous time sink; no other medium comes close to matching the Internet's depth of materials, interactivity, and sheer distractive potential.

Ironically, nonproductive Web surfing can be a problem for adult companies as well. Juli Stone, the director of sales and marketing for Falcon Foto, one of the largest providers of content for adult websites, has had to contend with employees who don't spend enough time surfing porn sites. "People have gotten into trouble at our office," Stone said, "for visiting nonporn sites too often. One guy was fired for spending all day monitoring his auctions on eBay." Falcon Foto doesn't have a written policy regarding Web use, Stone reported. "It's easy enough to walk around the office and see what everyone is doing," she said. "If they're not looking at a porn site, they're not working."

Excerpted from “The Naked Employee: How Technology Is Compromising Workplace Privacy” by Frederick S. Lane. Copyright © 2006, Frederick S. Lane. All rights reserved. Published by . No part of this excerpt can be used without permission of the publisher.