IT's a question of ethics in the online workplace

Where do you draw the explosion of the Internet into the workplace has empowered millions of employees, in a matter of keystrokes, to quietly commandeer company property for personal use.

And ethical questions are mushrooming well beyond the propriety of workers frittering away a morning shopping online or secretly viewing pornographic Web sites.

Cautionary tales are piling up -- from United Parcel Service of America, which caught one employee using a UPS computer to run a personal business, to Lockheed Martin, where a single email heralding a religious holiday and sent to 60,000 employees disabled company networks for more than six hours. The flood of email traffic cost Lockheed Martin hundreds of thousands of dollars in lost productivity, and the employee lost his job.

Every day, companies face unexpected twists in the world of virtual morality. With the surge in day trading, is it OK for employees to log on to make a quick stock deal? How about sending out email messages from work supporting a politician? Or using office computers to hunt for a new job? And if any of this is permissible occasionally, just when does it cross into excess?

This is a new spin on the old nuisance of employees making personal phone calls at work, but with greatly magnified possibilities. For one thing, the Web can be extremely seductive, lulling users to click screen after screen for hours at a time. Productivity can indeed suffer when dozens or hundreds of workers succumb to the temptation. What's more, unlike phone calls, electronic messages are often retrievable months or years later, and can be used as evidence in litigation against companies or individual employees.

In addition -- though many workers don't realize it -- when employees surf the Web from work, they are literally dragging their company's name along with them. Most Web sites can, and often do, trace the Internet hookups their visitors are using and identify the companies behind them. That leaves a serious potential for embarrassment if employees are visiting any number of places, from job-search sites to racist chat rooms.

Caught off-guard by the geometric growth of such issues, many companies have lost all hope of handling matters case by case. Some are using sophisticated software that monitors when, how and why workers are using the Internet. Others are taking first stabs at setting boundaries.Boeing, for one, seems to accept the inevitable with a policy specifically allowing employees to use faxes, email and the Internet for personal reasons. With the surge in day trading, is it OK for employees to log on to make a quick stock deal? At what point does it become excessive?

But Boeing also sets guidelines. Use has to be of "reasonable duration and frequency" and can't cause "embarrassment to the company". And chain letters, obscenity and political and religious solicitation are strictly barred. Other companies are more permissive, but make it abundantly clear that employees can't expect privacy.

Saying it recognizes that employees may occasionally need to use the Web or email for personal reasons, Columbia/HCA Healthcare issues this warning in its "electronic communication" policy: "It is sometimes necessary for authorized personnel to access and monitor their contents." And, it adds, "in some situations, the company may be required to publicly disclose email messages, even those marked private."

Lawyers have been advising companies to write such policies and alert employees that online activities will be monitored and that they can be disciplined. Such warnings make it difficult for employees to win any suit asserting that they expected their communications to be private -- already an uphill claim given that the equipment belongs to the company in the first place.

Some 27 percent of large US firms have begun checking employee email, a huge jump from 15 percent in 1997, the American Management Association recently found. Some routinely do this to search for obscene language or images. Passed along employee to employee, those could constitute grounds for a sexual-harassment suit.

But the practice has generated controversy, particularly when workers are not forewarned. Earlier this month, California Governor Gray Davis vetoed a measure that would have barred employers from secretly monitoring email and computer files. Under the bill, companies would be allowed to do so only after they established monitoring policies and notified employees of them.

Asserting that employers have a legitimate need to monitor company property, Davis said: "Every employee also understands that expense reports submitted for reimbursement are subject to employer verification as to their legitimacy and accuracy."

But even if a manager is within legal rights to peek at employee email, does that make any kind of digital fishing expedition ethical? What's an employer to do, for example, if such a search of an employee's email reveals that he has an undisclosed drug problem or is looking for another job? To balance employee rights and a company's legal interests, some privacy advocates say, employers should check email only after a worker is suspected of misconduct. "Just because companies own bathrooms doesn't mean they have the right to install cameras and monitor whatever goes on in there," says Marc Rotenberg, executive director of the Electronic Privacy Information Center, an advocacy group in Washington.

Against the tide, some companies and government agencies are trying to cling to "zero tolerance" policies, prohibiting any personal use of company equipment. One is Ameritech, whose business code of conduct specifically states that computers and other company equipment "are to be used only to provide service to customers and for other business purposes," says a spokeswoman for the telecommunications company. The policy "ensures our employees are focused on serving customers," she adds. Reminders about the policy are sent periodically. BellSouth was a similar hard-liner until the summer of 1998, when it caved in.

"We got a lot of questions from people saying they were afraid to give someone their company email address for things like weekend soccer clubs," says Jerry Guthrie, the company's ethics officer. "We work long hours -- we wanted to offer it as a benefit to employees." Before BellSouth employees can log on to their computers, however, they now must click "OK" to a message warning them against misuse of email and the Internet, and alerting them that their actions can be monitored.

Since the company changed the policy to allow for personal use, its security department has conducted more than 60 investigations of abuse. Some employees were suspended or fired for violations including accessing pornographic sites and spending too much time on non-business Web pages, including sports sites.

BellSouth, like many other companies, uses filtering technology to block certain sites, but even that is a chore. Since each division currently filters different sites, the company is in the process of standardizing which sites will be blocked company-wide. "Some companies block sports and financial sites," says Guthrie, though BellSouth doesn't intend to. But, he says, BellSouth will probably block access to "sex sites, hate sites and gambling sites".

In May, Zona Research, an Internet market researcher, found that one-third of companies screen out any sites not on an approved list. In its survey of more than 300 companies, Zona also found that 20 percent of companies filter sites based on the user's job and another 13 percent based on the time of day. But companies trying to construct such dams are discovering leaks all the time. Gambling, adult and other controversial sites are sanitizing or disguising their address names to operate under the radar of firms monitoring and blocking Internet content.

One site remained undetected to cyber-smut police until it made headlines recently. Not to be confused with 1600 Pennsylvania Avenue, offers X-rated content.

They can see you... Read about how and why in Surveillance , a ZDNet News Special.