Corporate Snooping

An article in the Sunday, October 29, 2000 edition of the Los Angeles Times, by Greg Miller, caught our attention and reminded us of past HRKN meeting discussions.

Entitled, "High-Tech Snooping All in Day's Work Security," the article talks about the use, by some firms, of computer investigators to (ostensibly) covertly uncover employee 'wrongdoing.'

These techno-snoops copy employees' hard drives and comb them for evidence of workplace wrongdoing, using tools and techniques that were devised for law enforcement to catch criminals. Miller says that there are dozens of companies doing this (45% of the nation's largest companies), and cited Microsoft, Disney, Boeing, Motorola, Fluor, and Caterpillar as examples. (Federal law permits this--with NO requirement to inform employees. Connecticut is the ONLY American state with such a proviso. California's governor, Gray Davis, twice vetoed similar legislation.)

The issue for HRM professionals to consider is: how do we guarantee workplace privacy for employees who are tied to their office computers? And how reasonable is the use of computer forensics by companies that engage in this practice for the avowed purposes of catching employees (1) who are spending too much time surfing the Internet, or (2) who are stealing company secrets?

According to Miller, what most often happens in this type of search is that investigators turn up embarrassing details about workers' health problems, marital woes and financial difficulties.

The vast majority of employees have no idea of the extent of their vulnerability. This work is done by investigators who obtain copies of employees' hard drives by ruse, or who simply sit at the employees' PCs while the employees are home asleep. They pore through caches that the employee doesn't know exist -- resurrecting deleted files.

Many companies keep logs of employees' Internet use and peek into their e-mail. Some use software that records every keystroke, spotting suspicious clusters of activity on a company network. But computer forensics takes surveillance a few steps further. Investigators approach the task in much the same way as an archeologist, sifting through a drive's contents for evidence and handling it so carefully that not a single byte is altered.

Investigators' searches turn up digital evidence that leads to employee discipline or dismissal for stealing business plans, submitting phony expense reports, stockpiling pornographic pictures, embezzlement, etc.

Miller mentions the termination of employees for inappropriate use of the Internet (most often for the transmission of sex-related materials) by: Dow Chemical Corp. (50 fired; 150 suspended), Merck (2 fired, dozens disciplined), Xerox Corp. (40 fired), and the New York Times (23 fired).

Computer forensics is rapidly becoming a hot new profession. Microsoft Corp., for example, now has a team of five forensic investigators and a dedicated lab, handling about 60 incidents a month.

Large consulting firms are revving up by recruiting top government computer crime investigators. Ernst & Young has 120 forensic consultants on staff, with a billing rate of $200 to $425 per hour. You can be sure that if the need for their services did not already exist, the "need" will grow after the firms' business development people have made their presentations.

The only way an employee can 'cover up' embarrassing files is for him/her to overwrite them. Merely deleting them won't do the trick. Most of us are unaware that our computers tuck information into myriad crevices. Even if we are aware that this is happening, we don't understand how to clean them out.

Ninety percent of today's companies use Microsoft Windows, an operating system notorious for caches and temporary folders that snag pieces of almost every file on the user's screen.

Encase, developed by Guidance Software Inc. in Pasadena, CA, has turned computer forensics into a point-and-click procedure. Miller says that Encase "makes an exact copy of a drive without altering it, revives deleted files, scans for everything from pornography to bomb recipes, and spits out a report designed to pass muster with federal prosecutors. The software has reduced to hours work that once took days. And while previous forensic tools took months to master, investigators can become proficient with Encase after a weeklong training session."

Used first and primarily by such entities as the Secret Service, Customs Service, and law enforcement agencies (such as the Los Angeles Police Department), this program has moved heavily toward the private sector. Customers include: Disney, Bank of America, Coca-Cola and Philip Morris.

The possibilities for totally inappropriate snooping are huge. Consider, for a moment, how companies can use this information to smear whistle-blowers.

Since there is no law to prevent companies from using this technology, there is no agency to monitor that use. Companies are free to set and follow their own policies. Some may not launch an investigation without clear evidence of wrongdoing -- but others may investigate based on a gut feeling that a key employee might be considering leaving.

Employees who are "wired" will soon learn about Evidence Eliminator, a program developed to thwart Encase by wiping the areas where that program often finds evidence. [We envision books and seminars on "How to Foil Computer Forensic Investigators" coming to your local bookstore and conference center.] But since most employees learn of forensic searches only after they've already been cornered, few will make the effort to learn what they need to do to cover their tracks.

HRM remains at an uncomfortable fulcrum, attempting to balance their employers' need to protect legitimate business interests and their employees' right to privacy. It is imperative for senior managers to meet, confer, and develop policy statements NOW. The issue is far too important to handle on-the-fly.

We are, after all, talking about TRUST. Organizations have been laboring for years to transform their cultures from fear-driven to trust-based. It is easy to slide backwards and hard to recover. No one can perform at peak while looking over his/her shoulder for Big Brother. Let's take our places around the conference table to talk about business and professional ethics BEFORE we are invited to take our seats on witness stands.