understanding the importance and impact of anonymity and authentication in a networked society
navigation menu top border

.:home:.     .:project:.    .:people:.     .:research:.     .:blog:.     .:resources:.     .:media:.

navigation menu bottom border
main display area top border
« When Personal Space is Nothing but Trouble | Main | RFIDs: Patents Pending »

Little Brother – Electronic surveillance inside private organizations

posted by:Chris Young // 11:59 PM // July 18, 2006 // ID TRAIL MIX

trailmixbanner.gif

Much is made of the potential pitfalls of overly broad government surveillance of civilian activities, and rightly so. Most will agree it is a good thing that our society still has at least some intuitive understanding that such powers in the hands of those who govern us can do more harm than good in the long term. However there is a parallel realm of human activity where surveillance also occurs and which is discussed much less frequently. I have in mind here the world of private organizations and the (mostly) electronic surveillance they engage in over their own employees. Of course this is more of a potential issue with large organizations that have the resources necessary to pay for the technical and human resource requirements that this entails, however moving forward smaller and smaller organizations will be able to put in place the mechanisms necessary for employee surveillance, as it is very likely that out-sourcing services in this area will become available. Further, out of the two types of organization I am most familiar with, the university and the for-profit corporation, the latter is much more likely, in my view, to engage in employee surveillance, as universities still maintain a respect for researcher independence (among other factors). On the other-hand, corporations, slightly paranoid about anything that might affect their bottom line, will tend to jump reflexively to employee surveillance as just another good business practice. Before providing some thoughts on whether this should even be accepted as true, I will go over a few things that recently appeared in the news that shed a bit of light on what is actually going on in the corporate world.

CBC recently reported on the release of a Ryerson University report discussing the use of electronic eavesdropping on employees by private corporations in Canada. Apart from showing that the practice was widespread, one of the findings was that employers did not stop to think that this sort of activity might be a problem. Another report surveying American and British corporations found that somewhere close to 40% of these routinely eavesdropped on employee communications. To some extent this is warranted, as the way in which, and what, employees communicate to the outside world clearly is company business. However many employees will use their company email accounts for private communications. Further, other electronic communications media are either coming into regular use or are becoming more networked, making them equally vulnerable to surveillance on the part of the organization. I have in mind here instant messaging, heavily used by those under thirty years of age, and the transition of phone services from analog networks (which in practice makes eavesdropping rather difficult) to fully digital and integrated networks, the most obvious example being VoIP (Voice over Internet Protocol) telephony. For example, a private telephone call made over an IP phone on a corporate network to a government agency, during which the employee might communicate information such as their social insurance number, can not only be intercepted and heard by the IT department of that corporation, but can very easily be permanently stored on a corporate network. There are of course many other types of information of a private nature which individuals may prefer to keep to themselves and which are in no way corporate business. The international nature of contemporary businesses and electronic networks also means that such information is as likely stored in another country as where one’s physical place of work is. If information resides on US networks, it may well be available to US government security agencies under local legislation. Someone trained in law might better be able to shed light on this aspect of the issue than I can.

My own response when working at a private company has been to limit my use of company email software and phones to strictly business uses. My mobile phone and encrypted web-based email services I use for personal communications. However, I happen to be both tech-savvy and aware of developments and common practices in electronic surveillance, which is not true of the population at large. Further, I have the financial resources to use a mobile phone during the day, which may not be true of some categories of workers. In passing, the importance of encryption becomes obvious in this context as a way for employees to protect their private information, and speaks to its value as a democratizing force in an electronic world.

One point that is made in the Ryerson report that might be overlooked by some is that very often the IT departments of large corporations are implementing electronic surveillance practices without the oversight, or even the knowledge, of human resources departments. It seems to me that human resources personnel should be an essential part of the teams creating electronic privacy policies within corporations. For one thing they are trained in orginizational theory and are well-placed to judge what the best use of electronic surveillance over employees might be. It is not at all clear to me that pervasive surveillance of employee activity has the best outcome in terms of employee productivity and overall organizational efficiency. Secondly, human resources personnel often have at least some social science or liberal arts background, which (one would hope) gives them more of an insight into the appropriateness of using technology to peer into the private lives of employees.

Apart from the surveillance free-for-all that some IT departments engage in (at a large corporation I have recently worked at, the answer of one IT person to my question as to what they looked at in terms of web communications to the outside world was “everything”, or words to that effect), there is the added factor that the surveillance policies being implemented, whether planned or ad hoc, are rarely communicated to the employees. Many people may not realize that a private phone conversation related to family matters, for example, will possibly reside on company servers for the next several years or more (the conversation would likely be archived as part of the normal data storage activities of the company in question).

The surveillance of private communications in the corporate world, although less politically sensitive than government surveillance of the civilian population, does warrant some attention, as it will affect more and more people’s everyday lives in the coming years.

Comments

You're absolutely right. To go even further, up until last week (July 17 to be exact) surveillance in employee locker rooms, in New York State, was completely legal. And the real kicker? No one knew the cameras were there.

Posted by: Natalie at July 26, 2006 11:42 AM

Hi Chris,

Thanks for this. I wonder whether the surveillance practices of the private organizations -- both with respect to their employees and (potential) customers -- aren't more threatening from a privacy perspective than those of the governmental organizations. Perhaps the "Little Brother" is little in name only?

Posted by: David Matheson at July 26, 2006 12:14 PM

Post a comment




Remember Me?


main display area bottom border

.:privacy:. | .:contact:.


This is a SSHRC funded project:
Social Sciences and Humanities Research Council of Canada