3/11/2007
–
The Redding Record Searchlight
Most large companies rely on in-house technology departments to monitor office phones and e-mail. Employees generally accept the practice as necessary to protect business from rogue colleagues and outside threats. But this week's revelation that Wal-Mart Stores Inc. fired an IT employee for snooping has some asking who watches the watchers.
The technology to monitor communications is advancing faster than corporate policies governing their use, experts say, leaving workers and their employers vulnerable to invasions of privacy and legal liability.
The IT staff now knows a lot about everyone -- they've become the keeper of secrets,
said Lynn Lieber, founder of Workplace Answers Inc., a San Francisco-based provider of Web-based legal compliance education.
Employers have long cautioned office workers against visiting e-commerce, gambling and pornographic Web sites at the office. Many companies monitor employee communications to safeguard proprietary information, ensure worker productivity and head off sexual harassment claims. Wal-Mart, the nation's largest private employer, said the fired employee acted on his own in monitoring and recording telephone calls between the public relations staff and a New York Times reporter who had written about the company. Wal-Mart said the employee also intercepted electronic messages.
The employee, part of an internal security threat team, told The Wall Street Journal that he had felt pressured to discover who was leaking embarrassing information about the company. He could not be reached for comment. Howard Schmidt, the White House's former cyber-security adviser and one-time chief security officer for Microsoft Corp., said a small group of IT security workers can get carried away with their special privileges to monitor or look in on colleagues.
It's the big unknown how widespread the abuse is,
said Schmidt, who also serves on the board of ISC Squared, which certifies high-tech security personnel. Many of us in the security business talk and worry about the inside threat.
Many companies use e-mail filters to block or flag references to company products and to words or Web sites with pornographic connotations. Newer software sorts the contents of e-mail and Web sites by "the level of threat severity," said Devin Redmond, the director of security products for Websense, a San Diego-based security software company.
But humans are still the heart of every company's security operation.
But if you have a person who is looking to do something bad or take some advantage of their privileges, they're going to figure out a way to beat your controls and minimize likelihood that you're going to find out about it.
Most companies allow employees to send personal e-mail or make phone calls on company time so long as they get their work done. But about half of employers have disciplined workers for e-mail abuse, according to a 2005 survey from the American Management Association.
Companies generally direct IT administrators to turn over troublesome communications to corporate lawyers or human resources managers. A complaint about a worker lodged by a customer or another employee can also trigger a review of e-mails or phone records.