Are You Being Logged?
People worry all the time that their employers are watching what they do on their computers at work. And in this case, perfect paranoia is perfect awareness: It's totally legal for your boss to put you under electronic surveillance without telling you.
Thousands of people have been fired for putting their work computers to "personal" use by surfing eBay, checking out job sites, or just sending e-mail to their friends. Usually they're caught because somebody has installed software like Websense, a popular workplace monitoring package that not only blocks employees from visiting particular sites but also keeps logs of where they try to go.
Last week I had a chance to talk about the discreet charms of logging with Andrew "I used to hack Windows kernels in my sleep" Schulman, now a legal consultant and research geek with the Privacy Foundation. These days Schulman isn't writing books about undocumented parts of the Windows O.S., but he's still fighting for your right to know things corporations don't want to tell you. Schulman led a late-night discussion at the "Computers, Freedom, and Privacy" conference on workplace privacy, where he explained that his main concern isn't so much that companies are watching you but that they're logging everything you do -- and they're saving the logs.
"It's weird," Schulman said, scratching his head. "I mean, why save all these logs of e-mail and Web-surfing habits of your employees when it can bite you in the ass?" He's referring especially to Microsoft -- as a technology consultant to the prosecution in several Microsoft cases, he's pored over the company's meticulous e-mail logs and discovered all kinds of damning evidence.
Other large companies have also gotten -- rightfully -- fucked in court when logs of their employees' e-mail and Web-surfing behavior have painted a fairly clear picture of a workplace in which sexual harassment or racism is taking place. Sexist and racist e-mails are there for investigators to see, as are logs of the porn-saturated Web-surfing habits of various employees accused of freaking their colleagues out with creepy pictures and comments.
And yet companies keep logs. Why? Sometimes it's because they don't know what else to do, or they've accidentally turned on the logging function in their employee-monitoring software. More often, it's because they want records of what employees are saying to one another, or original copies of e-mails, in case there's ever a legal question about some particular issue referenced in them. Less often, companies retain logs for commercial purposes, especially if they're providing some kind of Internet service. If they can keep a record of where you surf online -- or even a log of your I.M. conversations -- they might be able to sell it someday as psychographic data to some hyper-active marketing company.
"Maybe this will make us incredibly good, accountable citizens," Schulman mused, noting that people often don't realize that the pissy "my boss sucks" e-mail they dashed off to a friend will be kept in perpetuity on a server somewhere. A professor chatting with us said that as soon as he discovered Google had posted the entire Usenet archive, he completely changed his posting habits everywhere. "Now I'm incredibly careful about what I write, and I use a pseudonym whenever I can," he said. "I never used to think about people reading my informal posts, but now I know they could."
An executive with the U.S. Post Office, an agency with 800,000 employees, told us that software logs are what allows the government to fire so many employees for surfing porn. The idea is that if an employee is surfing porn, even if nobody has complained about it, he or she could be creating an uncomfortable environment for people (often presumed to be female) who don't want to see triple-X cum-soaked babes at work.
But what about the recent case where a guy was fired for surfing porn at home on his work computer? Was he creating an uncomfortable environment at work? Obviously not. Perhaps he was fired for excessive "personal use"? I think not -- nearly every company has an acceptable personal-use policy.
I think he was fired because logs showed he was doing something naughty. And that's where logs will really come around to bite people in the ass -- where they're used to legislate morality. Foot fetishists will be turned down for jobs if their interviewers search for them on Usenet. And porn-lovin', red-blooded Americans like myself will be told, "I'm sorry, your personal use is unacceptable because we think it's filthy."
Next time you go online, it behooves you to wonder: Who logs there?
Annalee Newitz (firstname.lastname@example.org) is a surly media nerd who has surfed more porn than you. Her column also appears in Metro, Silicon Valley's weekly newspaper.