That Christy Goralnik’s boss insisted on seeing a copy of every letter her employee sent out isn’t very surprising— there are a lot of overbearing managers out there. What was startling, at least to Goralnik, was the extent to which her boss’s paranoia manifested itself in a way that violated what Goralnik believed was her right to privacy. “One day my manager came into my cube and asked me to open my e-mail outbox,” Goralnik recalls. “Then she made me open up each e-mail in succession and proceeded to read them, one by one, standing right behind me at my desk.”
Goralnik, then an entry-level worker for a New York Citybased Internet service provider, was stunned. “I guess my boss thought we were talking about her behind her back,” she says. “But it was so shocking to have her pointing at my screen, saying, ‘Open this one. Now open this one.’ ” The invasion was too much for Goralnik to bear; not long after the incident, she quit her job.
The recently completed second session of the 105th Congress drew attention for putting a three-year moratorium on e-commerce taxes and safeguarding the personal information of online consumers— not to mention its somewhat ill-advised passage of CDA II, the spawn of the much maligned Communications Decency Act. But there is an important issue that this apparently Net-savvy Congress ignored: do the multiplying legions of American workers connected to the Internet have any fundamental rights to privacy while online?
According to Jeremy Gruber, legal director of the ACLU’s Task Force on Civil Liberties in the Workplace, situations like Goralnik’s are becoming increasingly common; electronic monitoring in the workplace is the number one complaint received by the ACLU. All across the country, companies are monitoring (if not also restricting) the Internet use of millions of employees, in many cases without the employees even knowing about it.
“There’s almost no limit to what an employer can do in terms of watching their employees’ activities,” Gruber says. “And it’s all legal.” He relays the story of a woman who complained to the ACLU that her boss congratulated her on being pregnant, when she’d yet to tell anyone in the office that she was expecting. What had she done? She’d accessed from her office computer a variety of Web sites geared specifically toward mothers-to-be. “It’s unbelievable how much an employer can learn about your personal life using Internet tracking software,” says Gruber.
This software— with names like Net Access Manager, Cyber Patrol Corporate, and Desktop Surveillance— allows employers to see who their workers correspond with via e-mail (and what is communicated), what sites they view (or try to) and what files they download (and from where), not to mention how long they spend online. In some cases, the programs can also perform keystroke monitoring, which enables employers to count the number of keys employees hit each minute and to determine how long employees spend away from their terminals— in the bathroom, for instance. According to the Privacy Rights Clearinghouse, keystroke monitoring has been definitively linked with health problems like stress disorders and carpal tunnel syndrome.
In a study completed earlier this year by CIO magazine and the Massachusetts-based research firm ICEX, slightly more than half of all companies surveyed utilized some sort of Internet monitoring software. And because of the current judicial landscape and loopholes in existing legislation, it’s at the employer’s discretion whether or not workers are informed that Big Brother is lurking there in the wires.
“The biggest problem we see is people being caught off guard, doing things they wouldn’t normally do if they knew they were under surveillance,” says David Sobel, general counsel for the Washington, D.C.based Electronic Privacy Information Center (EPIC). Examples abound. Recently, a worker complained to the National Employee Rights Institute that he’d been fired, despite 20 years of distinguished service, because he’d used the company e-mail system to keep track of some informal basketball bets placed by fellow employees.
Last April, two Wall Street traders from Salomon Smith Barney were fired for exchanging pornography via e-mail. A group of management trainees at another New York bank was severely reprimanded for passing around an e-mail list of jokes, some of which were allegedly deemed “off-color” by one recipient. A representative of the bank declined to comment on the incident or explain the company’s Internet use policy. In fact, openly discussing these sorts of policies is not something many companies are fond of doing.
Clearly, employers have some responsibility to curb illegal activities being conducted over their networks, particularly things like sexual harassment, which can open up an employer to potentially devastating liabilities. But there’s a lot more than porn and gambling that employers monitor without announcing their intentions: the ACLU’s Gruber recalls a complaint from an employee who was immediately terminated after writing an unflattering (but not libelous or defamatory) e-mail about his boss and sending it to another employee.
“The courts have generally said that because the computer system is the property of the employer they can basically do whatever they want,” says EPIC’s Sobel. Still, this not-terribly-worker-friendly state of affairs is indicative of the larger situation in this country concerning workplace rights in general. As Gruber puts it: “When you enter the workplace at nine you basically throw your copy of the Bill of Rights in the garbage and fish it out again at five on your way out.”
More than half of the companies in the CIO survey have formal Internet use policies, up from just 31 percent in 1996, says Rick Swanborg, who oversaw the study. Close to half prohibit all “nonbusiness” use of the Internet at all times. (In 1996, a little more than a third of companies outlawed all personal use of the Net.)
But according to Swanborg, such policies are the least likely to be followed. This doesn’t surprise Don Pavlish, the Webmaster of Don’s Boss Page, a site devoted to workers who can’t freely surf the Net while on the job. The site, which was started when Pavlisch was a student at New York University, is accessed by nearly 200,000 unique visitors a month. They come for “stealth surfing tips” but they mainly are there for Pavlish’s “panic button,” which allows idle surfers to instantly call up a seemingly work-related spreadsheet. Another site, anonymizer. com, enables people to send e-mail and surf the Web anonymously, even if they’re visiting from an office-based computer. That site processes 30,000 e-mails and serves up 7 million Web pages each month.
Pavlish, who now designs commercial Web sites in Cleveland, says he started his site “for a laugh.” But he quickly realized that for many people, lack of unrestricted access at work is no joke. “My server logs show tons of hits from Fortune 500 companies and major government agencies,” he says, an indication “that there is a real tension in the workplace over this issue. You have no idea how many e-mails I get saying, ‘Your site saved my job.’ ”
Pavlish and others argue that it’s human nature for employees to want or need a certain degree of latitude in terms of occasionally using the Internet for nonbusiness-related affairs— even if such use is confined to lunch time and after-hours. “Surfing the Web can be like chatting with people at the water cooler or going down to the lobby for a smoke,” he says. “But in a way it’s so much better: an employee can learn a lot more about where commerce and communication are headed by surfing for a few minutes than by crawling under some stairwell to smoke a butt.”
Swanborg agrees. “In these days of people working harder and longer, some companies have personal valets to do your dry cleaning. How could the same company reasonably object to you ordering a suit online on your lunch break?”
“Knowledge workers can’t have their productivity measured by how many pieces of metal they stamp out of a hydraulic press,” says Lance Cottrell, CEO of the company that runs anonymizer.com. “And with the wrong kind of policy, you’ve just put up a banner saying, ‘Hey we think you’re all a bunch of slackers and thieves. And by the way, have a nice day and work hard.’ “