November 19, 1998

Surveillance software sales rising steadily

SAN JOSE, Calif. - Did you hear the one about the guy who went to call up a spreadsheet for the boss and inadvertently clicked on a centrefold he forgot was on his computer? And then there was the hapless fellow who tried to forward an off-colour E-mail to one buddy - and ended up cc'ing his entire work group. 

The people who make their living worrying about corporate liability have heard the stories, too. And they're not laughing. 

If your workplace has Internet access, the odds are good that where you go and what you do online is constrained by company policy. And if your firm doesn't have a directive spelling out what constitutes acceptable behaviour on the Net just yet, it probably will very soon - regardless of whether a Net-abuse problem exists. 

The number of companies with Internet-use policies in place soared from 31 per cent to more than 50 per cent during the nine-month period ending in May, according to SurfWatch, a Los Altos, Calif.-based company that makes Net-filtering software. A separate study in July by the trade journal Network World found half the companies that don't have policies intend to develop one in the next year. 

And many firms won't be stopping with a few new pages in the employee handbook. The purveyors of network surveillance software for the workplace say orders have been doubling each quarter since late last year. 

Between 19 million and 26 million Americans have access to the Net at work. On average, each spends approximately six hours each week online. A significant portion of those hours are spent on activities other than work. Abuse of company Internet connections by employees ranges from innocuous joy riding on the Web - such as checking stocks and sports scores - to running illegal pirate software sites on the company server. 

Companies that make software to control and monitor Net access market their wares by emphasizing the amount of wasted time the Net consumes. One firm, Net Partners Internet Solutions of San Diego, calculated the total lost-productivity cost from the release of the Clinton-Lewinsky scandal documents on the Net to be more than $450 million. 

But attorneys and human-resources professionals who draft Net policies say liability - not productivity - is the key issue driving companies to act. The possibility of expensive lawsuits stemming from claims of sexual harassment, discrimination and hostile-workplace environments has many firms rushing to put iron-clad restrictions in place before a problem comes to light. 

``If someone's implementing a policy just because of lost productivity, they're probably missing the point,'' said Eric Goldman, an attorney in the Palo Alto, Calif., offices of law firm Cooley Godward LLP. 

``The equation I would look at if I had to decide how to manage these resources is this: One sexual-harassment claim can cost millions.'' 

Human-resources professionals and attorneys say the biggest single problem with Net access is the viewing, collection and trading of pornography. A little pornography problem involving just one employee can quickly become a legal headache and a PR disaster for high-profile companies. 

This is not a new problem. In 1994, prior to the advent of the Web as a mass medium, Lawrence Livermore National Laboratory - one of the most secure federal research facilities in the United States - received a flood of unwanted front-page attention after a technician made more than 90,000 porn images available to the worldwide Net community via a lab server. The site logged more than 17,000 downloads before an internal investigation caught the poster. 

The second most common problem causing corporate Net czars to lose sleep is E-mail that is harassing, obscene, racist, sexist or otherwise inappropriate. 

Financial giants Citicorp and Morgan Stanley found themselves in legal hot water last year over a series of racist jokes that originated on the Net and circulated through the companies' internal E-mail systems. 

And beyond the dirty and the derogatory, there is the just plain dumb. Firms fear employees with Net access may unwittingly divulge privileged information or write personal messages that could be misconstrued as official company communication. 

No one can say with certainty just how big a problem workplace Internet abuse really is. While most companies have the technical capacity to gather usage logs and analyze Internet traffic coming in and out through a proxy server, few bother. And their reluctance to open networks to outside scrutiny prevents large market-research firms that study Internet traffic from getting a statistically meaningful snapshot of who's doing what in the workplace. 

A national survey by PC World magazine last fall found that one in five companies had disciplined employees for improper Net activities. At the Bank of America, which grants Net access to between 30,000 and 40,000 employees, the number of problem users is ``really just a handful in a very large population,'' according to Clifford Seaholm, senior vice-president and general manager for desktop and network integration services. 

A growing number of companies are turning to surveillance software to ensure their acceptable-use policies are being obeyed. 

A study by PC World found one-third of companies monitor Net usage and firms with more than 1,000 employees are twice as likely as their smaller counterparts to do so. 

In the end, companies that implement air-tight acceptable use policies and Internet monitoring may find themselves pondering an uncomfortable irony: They instituted these tools expressly to reduce risk, yet the same tools, applied with a heavy hand, may actually bring new risks - employee resentment and lower morale. The controls put into place to limit the possibility of hostile-workplace complaints may actually create a hostile condition of their own. 

KNIGHT RIDDER TRIBUNE

Half of us don't have a will, survey shows