I Spy

Is The Ceo Reading Your E-Mail?

That Christy Goralnik's boss insisted on seeing a copy of every letter her employee sent out isn't very surprising— there are a lot of overbearing managers out there. What was startling, at least to Goralnik, was the extent to which her boss's paranoia manifested itself in a way that violated what Goralnik believed was her right to privacy. "One day my manager came into my cube and asked me to open my e-mail outbox," Goralnik recalls. "Then she made me open up each e-mail in succession and proceeded to read them, one by one, standing right behind me at my desk."

Goralnik, then an entry-level worker for a New York City­based Internet service provider, was stunned. "I guess my boss thought we were talking about her behind her back," she says. "But it was so shocking to have her pointing at my screen, saying, 'Open this one. Now open this one.' " The invasion was too much for Goralnik to bear; not long after the incident, she quit her job.

The recently completed second session of the 105th Congress drew attention for putting a three-year moratorium on e-commerce taxes and safeguarding the personal information of online consumers— not to mention its somewhat ill-advised passage of CDA II, the spawn of the much maligned Communications Decency Act. But there is an important issue that this apparently Net-savvy Congress ignored: do the multiplying legions of American workers connected to the Internet have any fundamental rights to privacy while online?

According to Jeremy Gruber, legal director of the ACLU's Task Force on Civil Liberties in the Workplace, situations like Goralnik's are becoming increasingly common; electronic monitoring in the workplace is the number one complaint received by the ACLU. All across the country, companies are monitoring (if not also restricting) the Internet use of millions of employees, in many cases without the employees even knowing about it.

"There's almost no limit to what an employer can do in terms of watching their employees' activities," Gruber says. "And it's all legal." He relays the story of a woman who complained to the ACLU that her boss congratulated her on being pregnant, when she'd yet to tell anyone in the office that she was expecting. What had she done? She'd accessed from her office computer a variety of Web sites geared specifically toward mothers-to-be. "It's unbelievable how much an employer can learn about your personal life using Internet tracking software," says Gruber.

This software— with names like Net Access Manager, Cyber Patrol Corporate, and Desktop Surveillance— allows employers to see who their workers correspond with via e-mail (and what is communicated), what sites they view (or try to) and what files they download (and from where), not to mention how long they spend online. In some cases, the programs can also perform keystroke monitoring, which enables employers to count the number of keys employees hit each minute and to determine how long employees spend away from their terminals— in the bathroom, for instance. According to the Privacy Rights Clearinghouse, keystroke monitoring has been definitively linked with health problems like stress disorders and carpal tunnel syndrome.

In a study completed earlier this year by CIO magazine and the Massachusetts-based research firm ICEX, slightly more than half of all companies surveyed utilized some sort of Internet monitoring software. And because of the current judicial landscape and loopholes in existing legislation, it's at the employer's discretion whether or not workers are informed that Big Brother is lurking there in the wires.

"The biggest problem we see is people being caught off guard, doing things they wouldn't normally do if they knew they were under surveillance," says David Sobel, general counsel for the Washington, D.C.­based Electronic Privacy Information Center (EPIC). Examples abound. Recently, a worker complained to the National Employee Rights Institute that he'd been fired, despite 20 years of distinguished service, because he'd used the company e-mail system to keep track of some informal basketball bets placed by fellow employees.

Last April, two Wall Street traders from Salomon Smith Barney were fired for exchanging pornography via e-mail. A group of management trainees at another New York bank was severely reprimanded for passing around an e-mail list of jokes, some of which were allegedly deemed "off-color" by one recipient. A representative of the bank declined to comment on the incident or explain the company's Internet use policy. In fact, openly discussing these sorts of policies is not something many companies are fond of doing.

Clearly, employers have some responsibility to curb illegal activities being conducted over their networks, particularly things like sexual harassment, which can open up an employer to potentially devastating liabilities. But there's a lot more than porn and gambling that employers monitor without announcing their intentions: the ACLU's Gruber recalls a complaint from an employee who was immediately terminated after writing an unflattering (but not libelous or defamatory) e-mail about his boss and sending it to another employee.

"The courts have generally said that because the computer system is the property of the employer they can basically do whatever they want," says EPIC's Sobel. Still, this not-terribly-worker-friendly state of affairs is indicative of the larger situation in this country concerning workplace rights in general. As Gruber puts it: "When you enter the workplace at nine you basically throw your copy of the Bill of Rights in the garbage and fish it out again at five on your way out."

Next Page »