Monitoring employees online: How much is too much?
Software allows agencies to monitor what employees do on a computer down to the keystroke, but where is the line between legitimate security needs and intrusion?
Technology allows employers to track what their employees do online, but how much is too much?
The Washington Post reports that some federal agencies are using tracking technology so sophisticated it can record “every activity, in complete detail,” according to the website of SpectorSoft, maker of some of the most popular tracking products.
While federal agencies warn employees that they have “no reasonable expectation of privacy,” as stated in a banner that employees see every time they log onto a government-owned system, privacy advocates argue that the government’s legitimate interest in watching for disclosure of classified information or other harmful activity falls somewhere short of being able to reconstruct every keystroke.
A chief concern: The same technology that allows managers to guard against compromises of security could also be used to identify and punish whistleblowers – something for which the Food and Drug Administration is already being sued.
The software available can go far beyond e-mail monitoring, writes Lisa Rein in the Post. " It could be programmed to intercept a tweet or Facebook post. It could snap screen shots of their computers. It could even track an employee’s keystrokes, retrieve files from hard drives or search for keywords."
but should that trouble federal employees? After all, they know that everything they do on government equipment is subject to scrutiny.
“It’s long been known that employees give up some privacy on computer use whether working for government or the private industry,” author and consultant Judy Welles told FCW.
Welles, a former FCW columnist and author of a book for federal employees called “Get a Life, Try This,” said most federal employees are responsible and careful about how they use federal equipment. “Still, some of the new [monitoring] products may be overly intrusive and can raise a specter of micro-management, causing employees to communicate less and feel they are not trusted,” she said. “The result can be lower morale and less effective workforce.”
There’s another complicating factor involved, said Mary Lamb, chief operating officer at Suss Consulting: The bring-your-own-device phenomenon. BYOD, and other changes to working habits such as telework, mean that agencies might have less control over data, regardless of how they monitor employee activity.
“In any large organization, you have policies and procedures in place for the use of [the employer’s] equipment. When you sign up, you’re aware of that,” she said. “How we work is changing, and given that folks are aware of the policies and procedures, you have to trust that when they bring their own device, they’re going to adhere to whatever policies and procedures” are in place.
It’s precisely that level of trust, though, that appears to be missing at many agencies. Tom Clare, senior director of product marketing for San Diego-based Websense, told the Post that as a general rule, agencies treat any device that accesses government information as a government device for the purposes of monitoring, even if it’s the employee’s personal property.