Harley Hahn's
Internet Insecurity


Chapter 2...

Is Your Business Their Business?

It's Different at Work

We all have expectations regarding our privacy. For example, when we are alone at home, we instinctively feel that we can more or less do what we want and no one else will know. When we are in public, however, we know that we do not have the same degree of privacy, and we act accordingly.

Once we start using the Internet, our environment changes and so must our expectations. Whenever we connect to the Net, we expose our computers (and ourselves) to the influence of forces beyond our control, often without our knowledge. It is my assertion — and one of the themes of this book — that, with the integration of the Internet into our everyday lives, our understanding of privacy will have to change. Collectively and individually, we are going to have to struggle with these new external forces and revise our attitudes, especially with respect to our expectations of privacy.

In Chapter 1, we discussed the importance of the Internet, and how our individual interaction with it transforms what looks like a solitary activity into a public experience. In this chapter, we will explore the Internet and the workplace. You will see that — when it comes to using computers and the Internet — the experience of using the Net at work is fundamentally different from using the Net at home. As such, the work environment requires you to develop a particular set of habits to protect yourself and your privacy.

Before we discuss these ideas in detail, I would like to take a few moments to consider the workplace itself — in particular, its nature and the unique demands it makes upon us. Even if you do not work at an office, please read this chapter, because I am going to discuss some important ideas that apply to everyone.

Jump to top of page

The Rules Rule

If you work for a company or for the government, you know that there are rules — sometimes many rules — that you must follow. In a large organization, there will likely be a sizable Policies and Procedures manual. There is no doubt that some of these guidelines are useful and help people carry out their jobs. A large number of the policies, however, are only there to protect and further the interests of the company.

For example, many businesses have policies regarding sexual harassment. In some sense, these policies help protect the employees. However, to a large extent, the rules are written by company lawyers to protect the company from lawsuits. I have a friend who works for a large publishing company. According to a rule at his company, if someone from outside the company were to send him an email message that, for some reason, his female assistant read and found to be offensive, he would be held responsible.

If you work in an industry that is particularly subject to regulation, you will find that many of the pages in your Policies and Procedures manual will be devoted to keeping your company from running afoul of the government. This is especially true if your company works in an area where there are environmental or safety concerns, or if your company does business with the government directly. However, all large companies must worry about the government. In the U.S., for example, there is a federal agency named OSHA (Occupational Safety and Health Administration) that regulates many aspects of the workplace. In large companies, it is not uncommon to find many workplace rules based on OSHA requirements.

This is not to say that company rules are bad. Many such rules are necessary. What is important for you to understand is that the company or organization you work for has a life of its own, and insofar as it can, it will protect itself at the expense of any particular individual (including you). Although you may think that the workplace rules are there to protect individuals and to encourage the principles of safety, equality and opportunity, they are enforced primarily to safeguard the interests of the company. One very big consideration is avoiding lawsuits and government sanctions, and towards such ends, many companies are prone to making their employees follow otherwise silly rules.

You would think that, with all the rules, the one area that would be heavily regulated would be personal privacy. To some extent, it is. For example, your company would not make public the information in your personnel file. However, when it comes to computers and the Internet, you have no privacy rights, and therein lies a real paradox.

Jump to top of page

Why You Are on Your Own

While you are at work, you take it for granted that there will be a significant lack of privacy. However, in our culture, human beings have an undeniable need for privacy and, in a semipublic arena such as a workplace, the psychological needs of the individual are usually balanced against the needs of the company. For example, if you work in an office, you are probably left alone to arrange your own desk drawers and (within reason) decorate your office. Companies know that, by their very nature, they necessarily impose upon your privacy, so they do make an effort to be sensitive to your most important needs. For instance, even the most company-oriented manager would think twice before installing security cameras in the employee bathrooms, or dictating what you may or may not do on your lunch hour.

Imagine a large circle drawn around the building in which you work. Every morning, as soon as you enter that circle, your privacy is limited, and you understand that. Now imagine the circle shrinking. Eventually, it is small enough that it contains only your office or cubicle. As the circle gets smaller and smaller, you expect more and more privacy. This is a psychological need we all share.

The smallest possible imaginary circle would be one that encompasses your inner self, that is, your mind and your thinking. If your company were to attempt to penetrate your very thought processes, you would consider it a gross invasion of your privacy, no matter how virtuous the rationalization. That is why, for example, if your manager asks for a report on your last month's work you would, no doubt, comply cheerfully, but if he or she were to ask you to take a lie detector test, you would almost certainly be offended. Indeed, you would probably refuse to take such a test (and as one of my readers, you have every right to do so).

The most personal part of your work is the very ideas and thoughts that exist in your head from minute to minute.

Since the most personal part of your work is your thinking process — the very ideas and thoughts that exist in your head from minute to minute as you work — you would be most upset if someone found a way to monitor your thoughts. Is it possible for your employer to invade your head in this manner? Literally, no, but, practically speaking, yes it is possible. It can be done by monitoring what you do on your computer and how you use the Internet.

Most people assume that no one is ever going to care about how they use their computers as long as they get their work done. Similarly, they also believe that — unless there are specific rules regarding the Internet — they can do whatever they want, whenever they want, as long as they stay clear of obviously inappropriate behavior (such as looking at pornography, or sending harassing email).

We make these assumptions unwittingly, because we misunderstand the nature of using a computer within an organization. Computers are powerful tools that interact with our minds. Whenever we use such mind-oriented tools, we instinctively perceive the experience as being highly personal and intimate, and we assume that our employer will respect our right to have such activities remain private.

Most of the time, of course, this is the case. In most companies, no one looks over your shoulder as you type and click your mouse, and no one checks your computer at night looking for contraband. However, your company (or department or organization) has a life of its own, and its long-term interests are not the same as yours. If the company feels its interests are threatened, it will not hesitate to invade your most private activities, including spying on you while you use your computer and the Internet, or having experts examine your computer and its files looking for damaging information. Indeed, some companies use monitoring software that can record each keystroke you make and every Web site you visit. (We'll talk more about such software later in the chapter.)

We generally don't realize that, as we use a computer, we make many small decisions and choose strategies that, later, can allow an expert to find out a great deal about our thinking processes. For example, from time to time we are all called upon to organize the files and the folders (directories) on our computer. It is my experience that if you let me examine someone's computer, I can tell you a lot about the person by looking at how they choose to organize their files, what names they used, and so on. You would be shocked what a skillful expert can find out about you by looking at your email (including messages you thought were deleted), your browser history, the many hidden files that your programs create without your knowledge, and so on. Let's hope you never have to find out.

However, just in case, I'll show you, in the next few chapters, how to protect yourself and how to ensure your life at work is filled with as few such surprises as possible. When it comes to using your computer and the Internet at work, don't hold your breath waiting for anyone to look out for your interests and your rights to privacy. You are on your own. Your computer is owned by your employer, and they own everything on it, including the love notes your fiancee emailed to you (which you thought you erased) and the records kept by your browser that indicate how many Web sites you visited to do your Christmas shopping on company time.

Jump to top of page

What Not to Do at Work

At home, you have control over your computer, your programs, and (if you have one) your network. At work, everything is owned by your employer: the computer, the software, the network, and all the data (including your email messages). As a general rule, anything you do on company time using company resources is the property of the company. This means that, whenever you use your office computer for anything, your activities fall under the rules set by your company.

Many companies have policies to cover computer and Internet usage, but even if your company doesn't, it is wise to protect yourself from potential trouble. The easiest way to do this is to follow two guidelines:

  1. Never use your computer for personal activities.
  2. Make a habit of regularly deleting all transient data from your computer.

Let's take these guidelines one at a time. To start, I am suggesting that you should never, ever use your office computer for personal matters. I know this sounds extreme. After all, we all do some personal things at work. For example, many people make personal phone calls; even if your company is strict about such calls, it would probably be okay to use a company phone on your lunch hour.

Some companies keep a record of the numbers you call, how long you talk, and even (if the calls are recorded) what you talk about. If your company tracks you in this way, it would be foolish to use your office phone for personal calls. For one thing, you might inadvertently say something that could be misinterpreted in an unfavorable light. Moreover, if you and the company were ever in adversarial positions — for instance, if you were leaving your job under less than pleasant circumstances — you can bet that it wouldn't be difficult for an enterprising lawyer to go through your conversations and dig up something incriminating.

Of course, in most companies, this is unlikely to happen because no one records what you talk about each time you use your phone. However, this is not the case with your computer. Whether you realize it or not — and most people don't — a lot of what you do on your computer leaves traces, and it is impossible to erase them all without wiping out your entire system and reinstalling all your software.

Some companies use special spy programs that monitor your Internet activities and make a permanent record of everything you do on the Net, including every Web site you visit and what you do when you get there. However, even if your company doesn't use such a program, don't assume you are safe. Your friendly operating system (Windows), your Web browser (Internet Explorer or Netscape), and many of your programs store lots of information about your activities.

In Chapters 3 and 4, I'll go over the ways in which your computer records your activities and what you can do to wipe out such records. However, I have to tell you, it is impossible to find everything and, even if you could, it would be an enormous bother to have to clean your computer regularly. Believe me, the best thing is to refrain from using your computer for personal activities at work. This will eliminate virtually all potential problems.

Does this mean I am saying that you shouldn't check your AOL or Hotmail account for email, even during your lunch hour? Yes, exactly. Wait till you get home.

Have you ever heard the saying, "If you never lie, you'll never have to remember what you said"? Let me tell you a similar bit of wisdom. If you never use your office computer for personal pursuits, you'll never have to remember what you did (and you'll never have to worry about erasing the evidence).

Jump to top of page

The Weak Links in the Chain of Privacy

You may not realize it, but much of what you do at work on your computer is accessible to other people. With respect to using the Internet, we'll talk about the details in Chapters 3 and 4, and at that time, I'll show you what you can do to protect your privacy. I'll also explain some of the basic ideas along with the technical terminology. Right now, however, let's consider, in general terms, what would happen if someone were to check out your computer when you were not around.

For example, what if you were at lunch for an hour, and a coworker wandered in and started playing with your computer? Suppose you went away for a week or two on a vacation or a business trip, and someone used your office during that time? In less pleasant circumstances, what if, for some reason, your company were looking for evidence to use against you, and they started by scrutinizing your PC?

Let's pretend that you are away from your office and an investigator has access to your computer. He wants to find out as much as he can about you and what you have been doing. Let me show you what he might do.

To start, he turns on your computer and watches what happens. Do you have any chatting or email programs that start automatically, such as AOL Instant Messenger or Microsoft's MSN Messenger Service? If so, you may be logged in automatically each time your computer starts. In this case, the first thing the investigator does is check all your personal email. At the same time, he looks at the list of people you talk to (your Buddy List or Contact List). He may even chat with them, under your name, to find out more information. When he does, they will think they are talking to you.

The investigator then starts the email program you use for your work. He begins by reading your messages, not only your incoming mail, but all the messages you have ever sent, as well as the ones you think you have deleted. At this point, it will be obvious to him if you have been using the company system for personal email. (As I will show you in Chapter 4, many of the messages you think you have deleted may still be on your system.)

Moving on, the investigator opens your Web browser, Internet Explorer or Netscape. A wealth of information is now available. (In Chapters 3 and 4, I'll show you what steps to take to protect your privacy.)

The first thing he sees is your home page, the Web page that loads automatically each time your browser starts. (We'll talk about your home page in Chapter 3.) You can set your home page to be whatever you want but, remember, that is the first thing anyone will see when he starts your browser.

Next, the investigator looks at your browser history. This shows him the names of all the Web pages you have visited in the recent past. He can find out if you have been checking personal email, buying and selling at online auctions, looking at sports scores, checking your stock portfolio, reading the news, and so on. In particular, he checks to see if you have been visiting any forbidden Web sites, including anything even remotely connected with sex. Perhaps more important, if you have posted your resume at a job search Web site, the investigator will find out.

He then looks at your list of Favorites (Internet Explorer) or Bookmarks (Netscape). These are Web addresses you have saved. You would be surprised how many people save questionable Web addresses on their work computers, but nothing will surprise the investigator. He has seen it all.

After spending a few hours tracking down your Web activities, the investigator turns his attention to the rest of your system. Using a program called Windows Explorer, he starts looking at your files and folders (see Chapter 3).

First, he examines all the files in your cache, a storage area used by your browser. By doing so, he can see everything you have looked at, including the pictures. If you have ever looked at a questionable picture, there is a good chance there will be a copy of it in your cache.

The investigator then starts rooting around your system, looking for anything interesting. He looks at all your files and your folders checking out, not only the contents and how everything is organized, but all the names. (Although you might not realize it, it is possible to tell a lot about a person by looking at the names he or she chooses for files).

Another way the investigator examines your files is to use the Windows Find facility (Start | Find). That is, he displays the Start Menu by clicking on the Start button, and then clicks on Find. He searches for files with a particular name as well as files that contain specific words or phrases. He then looks on your Documents list (Start | Documents), to see what documents you have been using.

He then looks at all the programs you have installed, and all the data files they have created. He finds your programs in three ways. First, he looks at the Add/Remove Programs facility (Start | Settings | Control Panel | Add/Remove Programs). Next, he looks at which programs are in your Start menu (Start | Programs). Finally, he uses Windows Explorer to look at the folders on your hard disk, especially the Program Files folder. This is the place where most programs install themselves.

True story: I once knew someone who had been using AOL on a work computer to participate in chats and email with a group of people who favored certain, shall we say, "unusual" sexual and social practices. She thought she cleaned up her computer when she left. What she didn't know is that AOL had obligingly left a list of all her companions in a file in a special AOL folder. It was there for anyone who knew where to look for it.

By this point, the investigator has a good grasp of your habits, your interests and your activities. If he is astute, and he has the time and inclination, there is a lot more that he can find in your computer by using technical tools that I won't go into here (such as the registry editor, see Chapter 4). For now, the investigator contents himself with one last inquiry. He looks at each icon (small picture) on your desktop, checking when it was created, and what it does. If it represents a program, he runs it to see what you have been doing. If it represents a Web page, he checks out the page to see what you have been looking at.

Jump to top of page

It's Worse Than You Think

In the last section, I told the story of what an investigator might do if he were investigating you by examining your computer where you work. I assumed that all this happened when you were away from your office for some reason. But, actually, in most companies, that's not even necessary. If your computer is on a network, the network administrator can access all your files and, in principle, he or she can find out a lot of what you are doing without going anywhere near your computer.

If you have any files on a file server (a special computer that provides data storage to users on the network, see Chapter 3), it is easy for the administrator to look at them. This is certainly the case with all of your incoming and outgoing email messages, which are stored centrally on a computer called a mail server (see Chapter 4).

If you have ever had any questionable files, don't think you are safe just because you deleted them. One of the responsibilities of your network administrator is to ensure the safekeeping of all the data on the network, and toward this end, he or she will make sure that a copy of all the data on the network, called a BACKUP, is made regularly. Typically, this process will be automated and will be done every day, often in the middle of the night. (We call this BACKING UP the data.)

The backups will be stored on a medium, such as tapes or CDs, that can be removed and stored in a safe area. If you have ever had the experience of accidentally deleting an important file and having the network administrator restore it for you, you will know how valuable backups can be. However, they can work against you too. It is possible to restore, say, the contents of the mail server from two years ago and, in the process, recover all the mail messages that you thought were deleted a long time ago.

Don't get me wrong. I'm not saying here that your network administrator is going to spend his time idly looking through your files, or your mail, seeking entertainment or diversion. Network administrators have too much to do as it is, to bother with snooping for fun. The important point is that anyone with authority can arrange to have access to your files and your email, whenever they want. If you think I am being overcautious, I am not. I was recently talking to a friend who works for a well-known company, who was told by the president of the company, that he (the president) routinely looked at various people's email.

Before you get too outraged at such behavior, let me remind you that, when you work in a company, what you do on company time and with company resources belongs to the company. It may be uncomfortable to think about it, but the easiest way to stay out of trouble is to assume you are being monitored, and to act accordingly.

Never forget that you are just an employee and that your interests will not always coincide with the interests of the company. In February 2000, a great many people were being laid off by Internet-related companies. A writer who, at the time, was covering the San Francisco Bay Area for an English newspaper wrote that "lay-offs are announced with 15 minutes' notice and bewildered employees are escorted to the door by security guards. Frequently, employees' computers are seized and their hard drives scoured for evidence of any indiscretion that could justify a firing without severance privileges."

Jump to top of page

Even Paranoids Have Real Enemies

Earlier in the chapter, I described how someone with access to your computer could find out a lot about you. However, such a person can do more than merely investigate your activities. He can cause you a lot of trouble if he is so inclined, especially if you work in an environment in which there are strict policies about how the Internet may and may not be used.

The main reason you are so vulnerable to such troublemakers is that whenever someone does something on your computer without your knowledge, it looks as if you did it. For example, I mentioned earlier that, if you use a chat facility from your work computer, it might be possible for someone to access it when you are away. If so, the person can start talking to other people under your name. I have seen this happen and, believe me, it doesn't take long for a creative troublemaker to ruin your reputation.

The same holds for email, both work-related and personal. If an intruder wanted to cause mischief, he or she could easily use your email program to send a rude email message to your boss, with a copy to the president of the company, as well as all the people in your work group. Of course, it would look as if you had sent the message.

Similarly, something like this could happen if you use a Web-based email service like AOL or Hotmail (see Chapter 4), and you are logged in automatically whenever your computer starts. In this case, a troublemaker could send messages to everyone in your address book.

In addition, an intruder could use your browser to visit forbidden Web sites. Later, if anyone checked your computer, it would look as if you had looked at the sites. For example, someone who wanted to get you in trouble could, in just a few moments, visit a number of pornographic Web sites and save their addresses in your Favorites/Bookmarks list. At the same time, your browser would faithfully be keeping a record of all the Web addresses, as well as copies of all the pictures (see Chapter 3).

Jump to top of page

Protecting Yourself

It is my contention that, even if you never do anything wrong, you still need to take steps to protect yourself. How you use your computer and the Internet, and how your company perceives that you use them can become very important when you least expect it. This is especially true if you have a job in which you work with sensitive information, if you are, for example, a lawyer or a financial officer or a human resources worker. Similarly, it is prudent to be careful if you are in a highly competitive industry and you are expected to keep your work away from prying eyes. In such cases, there are legitimate business reasons — aside from any native paranoia you may enjoy — for being extra scrupulous with your computer and your data.

In general, people have an innate need for privacy. When you were a kid, for instance, you probably hid stuff under your bed. (If you have forgotten how important it was to have such privacy, go look under your kid's bed right now.) As adults, we maintain this same need. For example, if you knew that friends were coming by your home for a visit, you wouldn't leave personal papers on the coffee table in the living room.

Consider this example from work. Say that you work in an office or cubicle and you have your own filing cabinet. From time to time, you use the filing cabinet to store some of your personal papers. One day, as you are preparing to go on vacation, you find out that there is a chance that someone else may use your office when you are gone. In such a case, wouldn't you take a moment to remove all the personal material from the filing cabinet?

It's hard to clean out your computer selectively, because you don't really know what's there.

Now, let's say you knew someone might be using your computer while you were gone. What steps could you take to safeguard your personal information? Cleaning out your filing cabinet is straightforward and easy, but cleaning out your computer is more problematic. Unlike a filing cabinet, it's hard to clean out your computer selectively, because you don't really know what's there. Believe me, once you have been using a PC with Windows for awhile, there will be all kinds of personal information on your computer and there is no way to be sure that you have found it all.

The best advice I can give you is to do two things. First, never use your computer at work for personal activities. Be careful of what you do and what you say with your computer, especially on the Net. Don't assume that you can use the Web or send email anonymously. If your company has a good enough reason to find out what you have been doing, they will. For example, most ISPs and email providers will give out information about your "secret" user names if they get a court order. Some of them will even give out the information with nothing more than a request from a company lawyer. Closer to home, did you know that all Microsoft Word documents have a unique, hidden identifier? If a controversial Word document is circulating around the company, it is possible to find out who created it.

In other words, don't try to beat the system. Be prudent and follow the rules. Save your personal computer and Internet activities for home.

My second piece of advice is to guard against becoming complacent. Learn how to clean out your computer as well as possible, and do it regularly.

With respect to your filing cabinet, it's probably all right to use it to store a few personal files, because it is easy enough to remove them whenever you want. No one is going to come in the middle of the night, photocopy all the papers in your cabinet and store them in a vault. If, however, you store personal data on your computer, it will be backed up automatically, and the backup will be kept indefinitely. There may even be multiple copies in different places. (A good network administrator will keep several sets of backups offsite, in case the building burns down.)

How would you feel about your filing cabinet if you knew that it would remember each time you opened and closed it, and what you put in, took out, and looked at? Your computer can, and does, keep such information with respect to many of your activities, such as using the Web. When you use a filing cabinet, it's easy to see what's inside. With a computer, it's not possible to keep track of everything on your disk, so it is easy to become complacent.

How much information does your computer keep as you work and as you use the Net? The answer to this question is complex and we will deal with it at length in Chapters 3 and 4. At the time, I'll show you what you can do to protect yourself and, in Chapter 4, I'll give you a checklist that you can follow every day to clean out your computer.

Jump to top of page

Software That Snoops

So far, we have talked about the ways in which you might inadvertently leave tracks on your computer regarding your Internet activities. However, some companies are proactive: they use software that monitors and records everything their employees do on the Net. Is this a gross invasion of privacy, or is it simply prudent behavior on the part of the company? A lot depends on your attitude towards such spying.

Most of us leave the house to go to work, and when we do, we fully expect to spend our working hours in public. Even if we have our own offices, we don't have the same expectation of privacy that we do in our own homes. For example, most companies have a wealth of corporate policies, covering a variety of activities: dress codes, sick days, vacations, customer interactions, complaint procedures, and so on. Moreover, the physical layout of the work environment — especially the ubiquitous cubicles — will often enforce a lack of privacy for all but the most senior employees. In many companies, control extends even further, to monitoring people's movements (for "security"), their time on the phone (for "efficiency"), and how long they take to resolve a problem or inquiry (for "customer service").

Although companies are quick to justify heavy-handed surveillance, such environments clash with basic human nature and sometimes workers rebel. For example, in August 2000, workers at Verizon went on strike. There were a number of reasons, but chief among them was the lack of privacy and dignity. The workers' performance was controlled to the point of intense discomfort and pressure. As one Verizon employee explained, "You're constantly monitored and if you don't say or do certain things on every phone call, you're subject to discipline." A union press release observed: "Employees talk of breaking down and crying at work, of seeing therapists and taking anti-depressants for stress. They describe rigid rules that strip them of their dignity. They commonly refer to their work sites as 'modern-day sweatshops' or 'kindergarten', because of the childish way they're treated."

Could this happen at your company? Before you say no, consider that many companies already use software that monitors and records all Internet activity. Although such software may not put you under the same pressure as the Verizon workers, you might find yourself working with a similar loss of basic privacy. Moreover, the Verizon workers in question spent their time dealing with the public. In some sense, it was justifiable for management to listen in on the conversations. Does this principle apply to regular office workers with an Internet connection?

Maybe yes and maybe no. To find out more, I interviewed Kevin Blakeman, the President of the U.S. division of Surf Control, a company that sells Internet monitoring software. Surf Control has a number of products, one of which, Super Scout, is used by companies to monitor Internet usage.

Surf Control is a powerful program. It can monitor every type of Internet activity, including Web access and email (although Blakeman claims that the program doesn't look at the content of email). Surf Control can block access to specific sites or, alternatively, allow access only to a list of approved sites. Moreover, the program enables managers to watch what people are doing in real time. This means your boss, or someone in the human resources department, can snoop on anything you do over the Net, as you are working. If you do happen to break a rule, even inadvertently, denying it won't help, because Surf Control can record everything you do, down to the exact keystroke and mouse click.

Let's not be one-sided. The goal of most companies is not to catch people breaking the rules. Rather, the hope is that, once employees know they are being monitored, they will stop breaking the rules voluntarily. For instance, if you know that everything you do on the Net is being recorded and your manager could spy on you any time he or she wanted, how likely are you to spend two hours on an online auctions site, looking for that hard-to-find album of Julie Andrews Christmas songs?

What bothers me more than the actual spying — and it is spying — is the lack of thought that goes into the ethical and practical consequences of such systems. Is it right to create software that allows companies to spy on their employees? When I asked Blakeman, I found out that, although he was eager to talk about the features of his product, he quickly became defensive when I inquired about ethical considerations.

According to Blakeman, the software is set up by the network administrator, according to rules and policies dictated by the human resources department, so his company has no responsibility with regard to how the product is used. I asked him directly, what about the people who create such products? Is there ever any discussion of ethics within your company? "No," he replied, "we only talk about content."

I noticed, however, that Blakeman was also quick to use loaded words, such as "dangerous", when he described the types of activity that Super Scout is designed to stop. Let's be real here. Internet monitoring programs are not our last bulwark between purity and the dangers that lurk on the Net. The real purpose of these programs is to scare people so they are more apt to keep their minds on their work.

Even more common is that many companies routinely monitor incoming and outgoing email. For example, my editor at Prentice-Hall, the publisher of this book, once sent email to a reviewer. It happened that, in the message, were the words "offshore accounts". The message was sent without a problem, but the reply was caught by an automated anti-spam program running on the Prentice-Hall mail server. (Spam is unsolicited email.)

Since the reply contained the words "offshore accounts", the program judged the message to be spam. Instead of allowing the message to pass through, the anti-spam program sent my editor a note informing him that the offending message had been placed in "quarantine".

Interestingly enough, the note gave no indication of how to get the message — which was not spam — out of quarantine. Perhaps even more interesting, was that, as a test, I sent my editor a message consisting of the words "Make money fast", and it passed through the sieve without a bit of trouble.

Does any of this remind you of George Orwell's novel 1984? Orwell described ubiquitous devices, called telescreens, which allowed the totalitarian government to spy on its citizens at work, at home and in the streets. "Big Brother is watching you" was the slogan of the day.

Although today's corporate monitoring is not as extreme as 1984, constant spying does create an uncomfortable environment. When people must always act as if their activities are being monitored, it creates an ongoing, low-grade anxiety. In some companies, this is already part of the corporate culture, so adding a new form of Internet-related observation may not seem like such a big deal. Still, we should wonder about the long-term effects on morale and productivity, and how such an environment affects our minute-to-minute comfort as we work. Clearly, companies cannot and will not police themselves, which raises the specter of government intervention.

Considering all of this, I couldn't help but wonder what the president of Surf Control, the company that makes the spy programs, really thinks about such products.

"Tell me," I asked Kevin Blakeman, "do you guys use Super Scout to monitor the people at your company?"

His reply was quick, so quick that I know he didn't pause to consider what he was saying.

"Of course not," was his answer.

Jump to top of page