Markkula Center of Applied Ethics

LittleBrother is watching you

If you happen to be reading this article online from your computer at work, your boss may be reading over your shoulder-electronically. New technologies allow employers to check whether employees are wasting time at recreational Web sites or sending unprofessional e-mails. But when do an employer's legitimate business interests become an unacceptable invasion of worker privacy?

By Miriam Schulman

Last year, a software package came on the market that allows employers to monitor their workers' Internet use. It employs a database of 45,000 Web sites that are categorized as "productive," "unproductive," or "neutral," and rates employees based on their browsing. It identifies the most frequent users and the most popular sites. It's called LittleBrother.

[Man on the computer]

Though the title is tongue-in-cheek, LittleBrother does represent the tremendous capabilities technology has provided for employers to keep track of what their work force is up to. There are also programs to search e-mails and programs to block objectionable Web sites. Beyond installing monitoring software, your boss can simply go into your hard drive, check your cache to see where you've been on the Net, and read your e-mail.

Did you delete that message you sent about his incompetence? Not good enough. The e-mail trash bin probably still exists on the server, and there are plenty of computer consultants who can retrieve the incriminating message.

All told, such monitoring is a widespread-and-growing-phenomenon. Looking just at e-mail, a 1996 survey by the Society for Human Resource Management found that 36 percent of responding companies searched employee messages regularly and 70 percent said employers should reserve the right to do so.

The Law

Legally, employees have little recourse. The most relevant federal law, the 1986 Electronic Communications Privacy Act, prohibits unauthorized interception of various electronic communications, including e-mail. However, the law exempts service providers from its provisions, which is commonly interpreted to include employers who provide e-mail and Net access, according to David Sobel, legal counsel for the Electronic Privacy Information Center in Washington, D.C. A federal bill that would have required employers at least to notify workers that they were being monitored failed to come to a vote from 1993 to 1995.

The situation in the courts is similar. "There aren't many cases, and they tend to go against the employee," according to Santa Clara University Professor of Law Dorothy Glancy. "Often, court opinions take the point of view that when the employees are using employers' property—the employers' computers and networks—the employees' expectation of privacy is minimal." When courts take this view, Glancy continues, "if employees want to have private communications, they can enjoy them on their own time and equipment."

In a presentation on employee monitoring, Mark S. Dichter and Michael S. Burkhardt of the law firm Morgan, Lewis & Bockius explain that courts have tried to balance "an employee's reasonable expectation of privacy against the employer's business justification for monitoring."

[A Computer]

For example, in Smyth v. Pillsbury Co., Michael Smyth argued that his privacy was violated and he was wrongfully discharged from his job after his employers read several e-mails he had exchanged with his supervisor. In the electronic messages, among other offensive references, he threatened to "kill the backstabbing bastards" in sales management.

The court ruled that Smyth had "no reasonable expectation of privacy" on his employer's system, despite the fact that Pillsbury had repeatedly assured employees that their e-mail was confidential. In addition, the court held that the company's interest in preventing "inappropriate and unprofessional" conduct outweighed Smyth's privacy rights.

Privacy as a Moral Matter

But the fact that employee monitoring is legal does not automatically make it right. From an ethical point of view, an employee surely does not give up all of his or her privacy when entering the workplace. To determine how far employee and employer moral rights should extend, it's useful to start with a brief exploration of how privacy becomes a moral matter.

Michael J. Meyer, SCU professor of philosophy, explains it this way: "Employees are autonomous moral agents. Among other things, that means they have independent moral status defined by some set of rights, not the least of which is the right not to be used by others only as a means to increase overall welfare or profits."

Applying this to the workplace, Meyer says, "As thinking actors, human beings are more than cogs in an organization—things to be pushed around so as to maximize profits. They are entitled to respect, which requires some attention to privacy. If a boss were to monitor every conversation or move, most of us would think of such an environment as more like a prison than a humane workplace." But, like all rights, privacy is not absolute. Sometimes, as in the case of law enforcement, invasions of privacy may be warranted. In "Privacy, Morality, and the Law," William Parent, also a philosophy professor at SCU, sets out six criteria for determining whether an invasion of privacy is justifiable:

  1. For what purpose is the undocumented personal knowledge sought?
  2. Is this purpose a legitimate and important one?
  3. Is the knowledge sought through invasion of privacy relevant to its justifying purpose?
  4. Is invasion of privacy the only or the least offensive means of obtaining the knowledge?
  5. What restrictions or procedural restraints have been placed on the privacy-invading techniques?
  6. How will the personal knowledge be protected once it has been acquired?

These questions can offer guidance as we consider both sides of the controversy.

The Case for Workplace Monitoring

If an employer uses a software package that sweeps through office computers and eliminates games workers have installed, few people will feel such an action is an invasion of privacy. Our comfort with this kind of intrusion suggests that most of us don't fault an employer who insists that the equipment he or she provides be used for work, at least during working hours.

Why, then, should we balk when an employer tries to ensure that his equipment is not being used to surf non-job-related Web sites? Hours spent online browsing the recipe files of Epicurious are no less a breach of the work contract than games playing.

"The underlying principle is value for money," says Joseph R. Garber, a columnist for Forbes magazine. "If you don't deliver value for money, in some sense, you're lying."

Garber gives this illustration: If we hired someone to paint our house, and they didn't do the northern wall, we would feel moral outrage. Similarly, if we pay workers to give a good day's work and they are, instead, surfing X-rated Web sites, we are also morally outraged.

Such "cyberlollygagging" is no small problem. A study by Nielsen Media Research found that employees at major corporations such as IBM, Apple, and AT&T logged onto the online edition of Penthouse thousands of times a month.

Beyond worry about lost productivity, employers have legitimate concerns about the use of e-mail in thefts of proprietary information, which, according to the "Handbook on White Collar Crime," account for more than $2 billion in losses a year. The transfer of such information can be monitored by programs that search employee e-mails for suspect word strings or by employers simply going into the employee's hard drive and reading the messages.

In a case last year, a former employee of Cadence Systems was charged with stealing proprietary information and intending to bring it to the rival software maker Avant! According to prosecutors, before leaving Cadence, he e-mailed a file containing 5 million bytes to a personal e-mail account. Such large messages suggested that he might be sending source code for the company's products and prompted Cadence to contact the police.

Electronic communications can pose other dangers for employers besides breached security and lost productivity. More and more, employers are being held legally liable for the atmosphere in the workplace. Although the case was ultimately dismissed, employers worry about litigation like the $70-million suit brought by Morgan Stanley employees, who claimed that racist jokes on the company's electronic mail system created a hostile work environment.

Sexual harassment cases also often hinge on allegations of a hostile work environment, which might be evidenced by employees downloading or displaying pornographic material from the Web or sending off-color e-mails. "The days of guys putting naked bunnies up on their computer screens are gone because that's actionable stuff," Garber comments.

To prevent such abuses, Garber argues, employers need to be allowed to monitor: "We can't make corporations responsible for stopping unacceptable forms of behavior and then deny them the tools needed to keep an eye out for that behavior."

The Case Against Workplace Monitoring

Consider this scenario: It's lunch hour. An employee writes a note to her boyfriend. She puts it in an envelope, affixes her own stamp, and drops it in the basket where outgoing mail is collected. Does the fact that the pencil and paper she used belong to her employer give her boss the right to open and read this letter?

Although most people would answer no, that's just the argument employers are making to defend monitoring e-mail, according to the Electronic Privacy Information Center's Sobel: Employers claim that because they own the computer, they have the right to read the e-mail it produces. The situation is complicated by the fact that work and personal life are not as clearly delineated as they once were, due, in part, to the very technologies that are being monitored. Employees may telecommute, doing much of their business through e-mail and the Net. Often, they work a good deal more than 40 hours a week. If they take a moment to send a message to Aunt Margaret in Saskatoon, do they not have a right to expect their e-mail will be confidential?

"Most people don't work 8 to 5," says Anthony Pozos, senior vice president for human resources and corporate services at Amdahl Corp. "We pay people to do a job; we don't really pay by time increment. Employees probably do use our e-mail or Web access for personal matters; it's analogous to using the telephone. People do sometimes need to do personal things on the job, but as long as it doesn't interfere with work, that should be okay."

Another ethical consideration in the debate is fairness. Usually, it's not corporate higher-ups who are subject to monitoring, but line workers. That's particularly true when it comes to key-stroke monitoring, a form of electronic surveillance that measures the speed of data entry. According to an article in Public Personnel Management, "The majority of employees being electronically monitored are women in low-paying clerical positions."

Then there's Parent's question about whether the invasion of privacy (represented by monitoring) is the only or the least offensive means of obtaining the information employers seek. In a survey conducted by PC World, slightly more than half of the executives interviewed were opposed to monitoring employees' Internet use. Scott Paddock, manager of PC Brokers, told the magazine, "First, I trust my employees; that's why they work for me. If there were to be any problems with an employee, those problems would present themselves without the need for me to get involved in cloak-and-dagger shenanigans. And second, if I spent time monitoring their Web usage, I would be just as guilty of wasting time as my behavior implies they are."

Trust is often mentioned by opponents of monitoring as a major ethical issue. As Rita C. Manning writes in the Journal of Business Ethics, "When we look at the workplaces in which surveillance is common, we see communities in trouble. What is missing in these communities is trust."

If, Manning continues, employers create trust, employee behavior "will conform to certain norms, not as a result of being watched, but as a result of the care and respect which are part of the communal fabric."

Some Possibilities for Common Ground

It is possible to moot many of these ethical issues by arguing that monitoring all comes down to a question of contract. That is the view of David Friedman, an economist and professor at SCU's School of Law.

"There isn't an agreement that is morally right for everybody. The important thing is what the parties agree to," he says. "If the employer gives a promise of privacy, then that should be respected." If, on the other hand, the employer reserves the right to read e-mail or monitor Web browsing, the worker can either accept those terms or look elsewhere for employment, Friedman continues.

Friedman's argument doesn't address the problems of lower-income workers who may not have a choice about whether to accept a job or, if they do, may be choosing between entry-level positions where monitoring is a feature of the work environment.

But he does point to an area where some common ground may exist between opponents and proponents of monitoring. Most parties to the debate agree that companies should have clear policies on electronic surveillance and that these should be effectively communicated to employees.

A recent study by International Data Corp. suggests that such clarity does not currently prevail. A survey of employees at 110 businesses showed that 45 percent thought their company had no policy on e-mail at all. Most of those who did know the company policy had either learned it by word of mouth or were directly involved in writing it.

Spelling out company policy "is our bottom line," says Sobel. "We would like to see an outright prohibition on e-mail monitoring in the workplace, but, at the very least, there needs to be notice to employees if that's the policy."

Pozos believes that involving employees in the creation of a monitoring policy is also a way to find common ground. By bringing employees and managers together to develop principles and guidelines for electronic mail, Amdahl was able to create a policy that was acceptable to both sides, Pozos says.

In any case, employers who reserve the right to monitor should attend to the considerations Parent proposes, ensuring at least that the monitoring serves a legitimate purpose and follows clear procedures to protect a worker's personal life from unnecessary prying, either by LittleBrother or by Big Brother.

Further Reading

Dichter, Mark S., and Burkhardt, Michael S. "Electronic Interaction in the Workplace: Monitoring, Retrieving and Storing Employee Communications in the Internet Age."

Garber, Joseph. "The Right to Goof Off." Forbes (Oct. 20, 1997) p. 297.

Greenlaw, Paul S., and Prudeanu, Cornelia. "The Impact of Federal Legislation to Limit Electronic Monitoring." Public Personnel Management 26, 2 (June 22, 1997) p. 227.

Manning, Rita C. "Liberal and Communitarian Defenses of Workplace Privacy." Journal of Business Ethics 6, 8 (June 1997) p. 817.

Parent, W.A. "Privacy, Morality, and the Law." Philosophy & Public Affairs 12, 4 (Fall 1983) p. 269.

Related Web Sites

Center for Democracy and Technology

Electronic Frontier Foundation

Electronic Privacy Information Center

Privacy Rights Clearinghouse

ACLU Freedom Network: Cyberliberties

Yahoo Privacy Resources

Privacy Protection Principles for Electronic Mail