Is Big Brother spying on you in the office?

Your computer at work is almost certainly an open book to your boss, with every keystroke you type and web page you view easily recorded and quietly checked, with or without your permission or knowledge. What can you do about it? Frederick Lane, author of “The Naked Employee: How Technology Is Compromising Workplace Privacy,” explains what employees need to know. Here's an excerpt:

The Privacy of E-Mail
Since the widespread adoption of the Internet by the general public, electronic correspondence has grown to staggering levels: The research firm The Gartner Group estimated that in 2001, more than 5.5 trillion e-mails were sent worldwide, or roughly 15 billion messages per day. The research analyst group International Data Corporation predicts that by 2006, the daily e-mail count will quadruple, to something in the range of 60 billion messages. By contrast, the U.S. Postal Service handled roughly 200 billion pieces of mail for all of 2001.¹⁰

E-mail is rapidly becoming the predominant form of business communication. The advantages are self-evident: speed, convenience, low cost, ease of use, the elimination of phone tag, and so forth. But e-mail is, to put it mildly, a double-edged sword: Indiscreet workplace e-mail writers are, to borrow a cliché, the road kill of the information superhighway. Hardly a week goes by without new stories of employees who have been fired as a result of management disapproval of their workplace correspondence. According to the American Management's Association's most recent annual workplace survey, roughly one-half of all employers in this country periodically review their employees' e-mails, and one-third of all businesses have fired someone for inappropriate use of company e-mail or improper Web surfing.

To understand the role that e-mail is playing in employment and the ease with which it can be monitored, it's useful to take a closer look at this incredibly popular form of communication.

Searching Electronic Mail
Much of the misconception regarding e-mail privacy stems from the way it mirrors the characteristics of other types of communication: It's a written communication, which implies the privacy of first-class mail, and it's person-to-person and virtually instantaneous, which suggests the privacy of a telephone conversation. Unfortunately, e-mail lacks the privacy protection given to either form of communication.

To begin with, the mere fact that an e-mail is a written communication from one person to another person (or a group of people) accords it no particular protection. Only letters that are sealed, stamped, and deposited in a U.S. Postal Service mailbox are entitled to the privacy protection offered by federal law. Since e-mail doesn't remotely conform to postal regulations, it has roughly the same privacy protection enjoyed by postcards, and no one would rationally consider a postcard sent through the mails to be a private document. But when it is mailed in a sealed envelope, even the raunchiest "You're Turning Forty" birthday card has more legal protection than the most sensitive or profound e-mail.

Telephone calls also offer employees greater privacy protection than e-mails. The Electronic Communications Privacy Act (ECPA), which Congress adopted in 1986, divides electronic communications into two categories: stored communications and communications in transit. Electronic communications that are in transit are entitled to roughly the same protection accorded voice communication — that is, an employer cannot intercept them or record them (subject to certain exceptions). But unlike voice communication, which is almost always live, e-mail is almost always stored in one fashion or another.¹¹ As long as an employer is searching a stored collection of e-mail, it can poke and pry at will.

The potential storage sites for your e-mails are myriad. Every e-mail program contains an option to copy the messages you send to a "sent" folder on your computer, and most computer users either purposely choose to have their messages saved or are oblivious to the fact that the program is doing so automatically. As we've seen, assuming that you've been given notice of the possibility of searching, your company can search the files on your computer at its discretion, and that includes the contents of your "sent" folder, your inbox, your "draft" folder, and anything else that it thinks might be interesting.

Even if you don't save copies of your e-mail on your computer, the normal operation of a corporate network creates other storage opportunities. When you click "send" on your office network computer, for instance, your e-mail program typically forwards your e-mail to the network mail server, which breaks the message into packets and sends them over the Internet toward their destination. For the purposes of the Electronic Communications Privacy Act, the e-mail's arrival at the network mail server is the equivalent of an airport layover. Even if the retransmission of your e-mail is virtually instantaneous, its brief stop in the network mail server constitutes "storage" for the purposes of employer investigation and review.

In some workplaces, incoming and outgoing employee e-mail is stored on a mail server, which the company copies each evening onto another hard drive or backup tape. Tape archives are typically kept for a finite period of time (usually thirty days or so), but it's not uncommon for e-mails that are months or even years old to be retrieved from archives. How long a particular company maintains its electronic archives depends on its own retention policy; companies need to balance a number of competing concerns including data integrity and protection, the ability to review the electronic behavior of their employees, and the legal exposure they risk by having months and months of electronic materials on file.¹²

E-Mail Firings and Other Tales of Electronic Woe
Undoubtedly, Michael Smyth never intended to carve himself out a permanent place in the battle over workplace privacy rights. Nonetheless, his name is inextricably linked with one of the first federal court decisions regarding the privacy of e-mail. In October 1994, Smyth, a regional operations manager for the Pillsbury Company in Philadelphia, received some e-mails from his supervisor on his home computer. The e-mails originated on an internal e-mail system set up and maintained by Pillsbury, and Smyth's responses traveled across the same system on their way back to his supervisor.

During this e-mail exchange, Smyth ridiculed Pillsbury's sales management, threatened to "kill the back-stabbing bastards," and referred to a holiday party at Pillsbury as a "Jim Jones Kool-Aid affair." A company executive who reportedly saw a copy of that message in an office printer undertook a thorough review of all of Smyth's e-mails, and on February 1, 1995, Smyth was fired by Pillsbury "for transmitting what it deemed to be inappropriate and unprofessional comments over defendant's e-mail system." Smyth sued to regain his job, arguing that Pillsbury had explicitly promised that all e-mails would remain privileged and confidential. In fact, the District Court found that Pillsbury had also promised that e-mails "could not be intercepted and used by defendant against its employees as grounds for termination or reprimand."

MORE FROM TODAY, WEEKEND EDITION

Today, Weekend Edition Section Front

3 recipes to ease your holiday bill Reflecting on the shock of Pearl Harbor Centenarians on lessons of Great Depression Curb the cravings of shopping addiction Can you afford a life-altering change? Behind the scenes of 'The Office' Centenarians on enlightening encounters with Edison Centenarians recall WW II medical service In-laws spoiling the holiday cheer? Bring home America's best bacon Today, Weekend Edition Section Front   Add Today, Weekend Edition headlines to your news reader: