By Daniel W. Harris
Abstract
One aspect of high tech industry is the close relationship between privacy and security. This report deals with the electronic monitoring of corporate employees. The report will address issues such as monitoring of employee computer activities, employee e-mail tracking, and mining of data from emails that are sent and received. Large companies have numerous employees who have access to computing resources, and it behooves the organizations for which these people work to monitor network activity. The data thus gathered can be used for a number of purposes, including decision support, data mining, employee performance evaluation, and protection from legal exposure.
A large amount of data about employee work habits can be determined from the analysis of e-mail habits. Much of this data can be very useful to the corporation. Information as to the nature of communications between clients and representatives can be extracted from e-mail using special software that is commercially available. This data can be utilized in conjunction with other client information for decision support purposes. It can also be used to track the performance and work habits of employees.
Information gathered from scanning e-mail can help to determine whether or not an employee is doing his or her job. It can also be used to make assessments as to the trustworthiness of an employee and help prevent confidential information from falling into the wrong hands. In addition, careless use of e-mail may put companies at risk of legal exposure resulting in lengthy and expensive lawsuits.
Network activity and access can be further tracked via firewalls and proxy servers. Internet sites visited by employees can be tracked to ensure that time is being used appropriately. Additionally, attack data can be captured which may help reveal espionage and other detrimental activities.
The history and legality of these issues will be discussed in the report as they relate to the corporate environment. As well, the implementation of the technical means whereby monitoring of users may be accomplished will be expounded. In addition, a recommendations and conclusion section will be included.
Introduction
It has recently been publicized that many companies have begun monitoring the activities of those in their employ while at work. There are several reasons why they would engage in this activity.
An important aspect of corporate strategy and planning is the confidentiality of those plans. It is very important that this information be kept out of the hands of competitors. The leaking of this data could be so detrimental to a company as to cause it to have to go out of business, or at the very least have to formulate new strategies and plans. It is well known that one of the easiest ways for anyone to send this information to a competitor would be to simply email the information.
The company could face legal exposure if one of its sales personnel or other representatives were to use the email system to make false or misleading claims to clients. Company representatives make many statements to customers using electronic means. They do this in the name of the corporation. As such, what they say can be construed by those clients as being indicative of promises or guarantees on the firm's behalf.
An employee who is using corporate resources to connect to services such as the World Wide Web is able to send email anywhere in the world. It is possible that an employee could use computing facilities to engage in various objectionable behaviors such as stalking or the distribution of pornography. If this activity were to be traced back, the firm could be found guilty of a criminal offence. It is possible that by failing to monitor the activities of employees, the firm could be found guilty of willful blindness and thereby subject to criminal penalties.
Productivity concerns are also at stake in this issue. It is well understood that employees who are not supervised by some means or other can waste a considerable amount of time. This is very expensive in terms of wages paid to unproductive workers. By monitoring staff members it would be possible to increase productivity by either reprimanding unproductive employees, or by weeding them out and dismissing them.
The very lifeblood of an organization could be dependent upon any of these factors. As a result, the history, purpose, ethics, and legal implications will be discussed, as will the technical feasibility and the means by which monitoring techniques could be implemented.
History
The monitoring of employees is an old practice dating back in history many hundreds of years. Traditionally it is the right of an employer to be able to check on the performance and activities of an employee. Formerly this task was accomplished by physically checking on the employee and watching the way he or she worked, or it was done by gauging the amount of work done in a given period of time. This practice has evolved with the advancement of technology and it is now possible to observe the activities of an employee using various electronic methods. The electronic methods now employed vary according to the task being performed.
Numerous technologies can be used to monitor the activities of corporate employees. These include methods that can be used to monitor telephone calls, view employees with video equipment, scan email, and track Internet usage. In addition to this, systems are also available that can keep track of the keystrokes on computer terminals.
Ethics of Monitoring
In Canadian society privacy is taken for granted by many individuals. The right to privacy is not only taken for granted, but is assumed by many to be an inviolable right. The security of private communications is protected by law and it can be assumed that listening to or otherwise monitoring communications that would normally be considered private is a violation of federal law.
Section 185 (1) of The Criminal Code of Canada states "Every one who, by means of any electro-magnetic, acoustic, mechanical or other device intercepts a private communication is guilty of an indictable offence and liable to imprisonment for a term not exceeding five years". This shows the seriousness that is attached to privacy by society. However, subsection (2) goes on to make allowances for people with consent to intercept, service providers, and law enforcement.
By providing the email facilities, the corporation is in a sense acting as a service provider. However, the statute makes very clear that in this case the monitoring must be random and done for the express purpose of providing the service or for quality control checks (Section 184 (2) c.). Clearly the above stated reasons for monitoring do not apply. However, there is nothing wrong with requiring all employees to sign a waiver, which would give management the right to intercept all employee communication.
In the province of British Columbia, a test case has been put before the Privacy Commissioner. This case involved the interception of employee email at the University of Victoria. The employees had complained that upper management was intercepting their email communications. The finding of the Privacy Commissioner was that institutions own email that is transported on their systems and that it is the right of an employer to monitor the activities of employees. It was further found that this is a labour relations issue and that it is not a criminal code issue.
In addition to the above-mentioned legal issues, this subject presents certain other issues. For example, if employees know that their communications are being monitored will it adversely affect their work performance in other less detectable ways? If a sales person knows that management is able to intercept his or her communications will it hurt sales by that person? Will employees begin encrypting their communications? These are only a few of the internal issues that are raised.
Equally important questions come from outside of the company. Examples of these would be the confidence of customers, such as, will clients be less likely to discuss their problems with the firm's representatives if they know that the communication is not confidential? Clients are likely to have a very legitimate concern as to who has access to their data. The risk as to the effect this could have on sales is very important and requires careful consideration on the firm's behalf.
Security
Many corporations are concerned as to the security of their strategies and plans for the future. In today's business world, competition is fierce and the slightest advantage over a competitor could be worth millions of dollars. As a result, companies find themselves in the position of protecting themselves against information leaks.
One of the most effective methods of industrial espionage is the mole concept. In this scenario one company will send an agent to apply to a competitor for a job. The agent acts as a spy within the competing company's infrastructure. Often corporate secrets relating to plans, strategies, new products, or even business practices can be simply emailed back to the agent's home firm.
Another tactic used is to enlist an existing employee to do the same job. The employee can either be a paid agent, one who is motivated by some moral reasoning or he or she can be blackmailed into spying. In any event, the spy must communicate with its masters. The easiest way to do this is through the use of the corporate email communications system. If this type of activity goes undetected, it is possible for a great deal of confidential information to be delivered to the competition.
Safeguarding against espionage is not simple; however, there are methods that may help to detect this type of activity. Monitoring of telephones is one method. There are devices available that can scan corporate phone systems and listen for keywords. If the system detects a pre-selected keyword it listens to the conversation further. If more keywords are detected the conversation is recorded and management is alerted so that a human can listen to the offending conversation and decide on whether it is malignant or not.
A similar approach can be taken with regard to email. Email messages can be scanned and if certain keywords are detected the message can be held and forwarded to management for further assessment.
Many large firms have already implemented these approaches to security, especially companies that do government or defense contracting. They have been found to be effective in detecting the forms of espionage discussed.
Legal Exposure
There are some circumstances in which it is possible for an employee to put the company for whom he or she works in legal jeopardy. These types of legal exposure can take on two distinct forms, criminal and civil.
It is conceivable that an employee could use the company computer system to perform certain criminal activities. Hacking would be one example of this. If an employee were to hack into another computing system using company resources and the intrusion were traced back, then it is quite possible that criminal charges could result. In the event that the guilty employee was not apprehended, the company would likely find that it was the target of criminal prosecution. This could be time consuming as well as costly.
Another common criminal activity that an employee could perpetrate using company computing resources is the distribution of pornography. This crime is rigorously prosecuted by federal authorities. If seriously objectionable material were to be found as originating from corporate networks or servers, the entire system could become the subject of a search warrant or it could be seized as evidence. Such action would likely include backup systems and servers. "Upon issuing a subpoena, corporate computing can grind to a halt while the cybersleuths review the contents of backup tapes, network drives, and individual employee PC hard drives. Because courts want to ensure evidence is not tampered with or destroyed, these searches can lock up corporate systems for days" (Robertson & Unger, 1997).
In addition to criminal litigation, it is possible for the actions of employees to cause the company to face civil proceedings. This could result from any number of occurrences, for example, an overzealous sales representative could send an email to a client that misrepresented the capabilities of a product or overstated the limits of a warranty. The firm could then be faced with either having to honor the overblown claims of the sales person or face a civil suit.
In the case where an employee has used company resources for some form of wrongdoing and the activity was not detected or was ignored by the employer, it is possible that the company could be considered to be guilty of the crime of willful blindness. In other words the company looked the other way and thereby permitted said nefarious activities to go on. It could be very difficult for the company to defend itself against this in court once it was shown that corporate resources had been used to break the law. Under Canadian law, the burden of proof is upon the defendant, not the prosecution.
In the case of civil litigation, the cost could become overwhelming, especially in the event of a class action suit where company computing systems were used to mislead numerous people and they were to band together to pool legal talents and resources.
The corporation needs to rigorously safeguard itself from the threat of legal exposure due to employee actions. This can best be accomplished through the implementation of email scanners and Internet tracking software. By scanning all emails for keywords that would imply illegal activities or false claims by sales persons, the company would be in a much safer position with a vastly reduced risk of legal action from either the government or from clients.
Productivity
One of the earliest purposes for employee monitoring was to ensure that employees were on the job and that they were being productive; this is still the case. The time wasted by employees who are not doing their jobs is very expensive for many companies. Often employees are not aware they are wasting time or of the expense. There are numerous ways that time can be wasted.
Many employees have access to a telephone in their offices. Although the phones are provided as a tool for work, they are often used for personal use. It is not uncommon for employees to spend time out of their workdays talking with friends or taking care of personal business. Extended breaks are another way that employees can cost their employers money. If employees spend extra time during their breaks smoking or having another cup of coffee, it is costing the company for lost time. In the case there are numerous employees doing this within the organization, the expense in wasted productivity can cost the firm thousands of dollars per day.
It is also possible that the employee is simply not efficient. An example of this would be the case where a typist was taking coffee to his or her workstation and taking time between break periods to sip at the beverage. During the course of a year, the amount of time lost on the job can be considerable. If this situation goes undetected, the firm will end up putting out many dollars for wages to these employees. The loss of efficiency in this situation becomes very expensive.
There are employees in many firms who do not work the full day. It is not uncommon for unsupervised employees to fill out their time card for the end of the day and then go home early. This is a problem in many organizations and is extremely expensive. Sometimes, even if there are supervisors in the workplace, they can be complacent to this practice especially in the case of long-term employees who have known each other for a long time. If the supervisor is covering for other employees it is likely the problem will never be detected.
There are a number of monitoring technologies available for the work place. In the case of hourly employees, they can be monitored very efficiently using these technologies. Video cameras can be mounted at workstations, and it is also possible to install systems that check if the worker is on the job by monitoring keyboard activity. In addition to this, scanning systems can survey telephone use and determine if company telephones are being utilized for personal use. By putting careful consideration into the methods used to supervise employees, it is possible to make the firm operate much more efficiently in terms of employee productivity.
Developing Employee Profiles
When a company electronically monitors its employees over a period of time it can use the technology to build data bases containing large amounts of data about them. Email scanners, telephone scanners, Internet tracking, and other technologies can be used to harvest information that can be used to develop personal profiles on employees. These profiles go beyond the traditional quantity of knowledge a company would possess. It is possible for the corporation to acquire information about such diverse things as whom an employee corresponds with, what the employee's relationship with his or her spouse is like, health problems, and other personal data.
Scanning and compiling information from log files would make it extremely easy for the firm to find out information about an employee's level of job contentment, attitudes, and opinions. This puts the employee at risk of exposure through close examination.
Although "Electronic technology designed to process and transport data and information has been developing at an exceptional rate for more than four decades" (Frenzel, 1999), many employees are not aware of the capability of modern computing devices. As such, they are not likely to take measures to protect themselves from the effects of monitoring technologies. The normal logging procedures implemented by this technology will preserve vast amounts of information about them.
The information gained in this way can be used to help in making decisions about various organizational matters such as promotions or salary increases. It can also be used to decide what projects an employee would be best suited to work on. The use of data acquired in this way could raise privacy issues within the corporate structure. "Loss of privacy is the unauthorized collection or examination of personal data, or the intrusion of public scrutiny without your permission" (Edwards & Broadwell, 1982).
I make no comment on the ethics of these practices; suffice it to say that it is up to the management of the firm to decide what level of inspection is appropriate with regard to their firm.
Implementation
There is a great deal of technology available that has been created for the express purpose of monitoring employees. Some of these systems are large or complex and represent considerable outlay in terms of capital. Others, due to technical advances and economies of scale, are becoming less expensive all the time. It is up to the individual firm to decide for itself whether or not to implement any given technology. Several such technologies will be discussed here.
Technologies that are able to read and find keywords in company email systems are becoming more common all of the time. These systems act as a form of surveillance that can be used to detect many types of transgressions.
Email scanners operate on a number of different levels. They monitor email for content as well as quantity. The technology works by reading corporate email. When it detects words or phrases that have been programmed into it, the message is forwarded to management personnel to be further scrutinized. This type of system also monitors the amount of email that is being sent. It can determine whether or not one person is sending and receiving more email than he or she should. It can also detect if the email is being sent to an inappropriate address. This type of technology is very effective in detecting activities such as corporate espionage or frivolous use of the email system.
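The three checks described above (keyword content, message volume per sender, and recipient address) can be sketched as follows. This is an added Python example, not code from the report or from any commercial scanner; the keyword list, approved domains, volume threshold and sample messages are all constructed assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed policy values, constructed for illustration only.
KEYWORDS = {"confidential", "roadmap", "guarantee", "pricing strategy"}
APPROVED_DOMAINS = {"example-corp.test", "client.test"}
MAX_MESSAGES_PER_SENDER = 3  # per scanned batch (one monitoring window)


@dataclass
class Finding:
    """One message held for human review, with the reasons it was held."""
    sender: str
    subject: str
    reasons: list = field(default_factory=list)


def text_of(msg):
    """Collect the text/plain parts of a message, decoding transfer encodings."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            parts.append(payload.decode(charset, "replace"))
    return "\n".join(parts)


def keyword_hits(text):
    """Return policy keywords present as whole words or phrases."""
    return [kw for kw in sorted(KEYWORDS)
            if re.search(r"\b" + re.escape(kw) + r"\b", text, re.IGNORECASE)]


def unapproved_recipients(msg):
    """Return To/Cc addresses whose domain is not on the approved list."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    flagged = []
    for _, addr in getaddresses(headers):
        if addr.rpartition("@")[2].lower() not in APPROVED_DOMAINS:
            flagged.append(addr.lower())
    return flagged


def scan(raw_messages):
    """Scan a batch of RFC 5322 message strings; return messages to review."""
    volume = Counter()
    findings = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        subject = msg.get("Subject", "")
        volume[sender] += 1
        reasons = []
        hits = keyword_hits(subject + "\n" + text_of(msg))
        if hits:
            reasons.append("keywords: " + ", ".join(hits))
        outside = unapproved_recipients(msg)
        if outside:
            reasons.append("unapproved recipient: " + ", ".join(outside))
        if volume[sender] > MAX_MESSAGES_PER_SENDER:
            reasons.append(f"volume over threshold ({volume[sender]} messages)")
        if reasons:
            findings.append(Finding(sender, subject, reasons))
    return findings


# Constructed sample batch: one benign message, one keyword match sent to an
# unapproved domain, one overstated claim, and four messages from one sender.
SAMPLE = [
    "From: alice@example-corp.test\nTo: bob@client.test\n"
    "Subject: Lunch\n\nSee you at noon.\n",
    "From: carol@example-corp.test\nTo: someone@rival.test\n"
    "Subject: FYI\n\nAttached is the confidential product roadmap.\n",
    "From: dave@example-corp.test\nTo: buyer@client.test\n"
    "Subject: Warranty\n\nWe guarantee lifetime coverage.\n",
] + [
    f"From: erin@example-corp.test\nTo: bob@client.test\n"
    f"Subject: Update {i}\n\nStatus note {i}.\n"
    for i in range(1, 5)
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f.sender, "|", f.subject, "|", "; ".join(f.reasons))
```

Only `text/plain` parts are inspected, so encrypted bodies and attachments pass the keyword check unflagged; the volume and recipient checks still apply to them because they read headers only.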
Telephone scanning systems work on a similar idea. They scan through corporate phone calls looking for keywords. If a keyword is detected, the system listens to the conversation for additional words and if it detects them, the call is recorded. Management personnel can then manually listen to the message and determine whether it is offensive or not. This technology works very well and is used by a number of government agencies and defense contractors.
Another scanning technology that is available is able to determine the activity level of a keyboard. It can tell how many keystrokes are being made per minute and alert supervisory personnel if the number falls below the preset threshold. This type of system is often used to monitor secretarial staff. It is purely designed to check productivity and can save the firm a great deal of money by helping to weed out slacking employees.
Corporate computer networks can be sniffed for objectionable activity by a number of systems. These systems watch network traffic and intercept content using criteria that are similar to other scanning technologies previously discussed. They are able to identify offending workstations and reroute or intercept messages that are determined to be inappropriate.
Cameras are now available that can be mounted on the top of an employee's monitor. These cameras can be used to randomly monitor the activities of employees. This type of visual surveillance can be used to replace traditional supervisory techniques. The supervisor can check on multiple employees without having to leave his or her desk. This represents a tremendous gain in efficiency, as time is not wasted going from one location to another.
Audio pickups can also be used to monitor the activities of employees. By mounting microphones in strategic locations, it is possible for management to monitor numerous aspects regarding the actions of employees. Hallways, cafeterias, and workstations are obvious targets for this type of monitoring. It can be used for a number of purposes.
All of the aforementioned technologies could be implemented quickly and easily in most corporate environments should management decide there is a need for various monitoring systems. As such, implementation time lines could be determined based upon such criteria as availability and training time.
Recommendations
It should be noted that implementation of electronic monitoring systems traditionally meets various amounts of employee resistance. Many issues are brought to the forefront. Employees may feel threatened by the implementation of monitoring technology. They may feel that it is invasive and that it will be used to turn them into a form of Orwellian slave in which they must spend all of their time nervously working at top speed in order to please management.
In this vein it becomes apparent that some form of corporate education program regarding these technologies should be implemented. Employees need to be made aware of the fact that the technology is intended to be used for purposes of protecting their jobs and not to put them in the position of galley slaves.
The personnel who are put in charge of the new systems must also be educated in various aspects of organizational behavior and politics. These people will be in a very powerful corporate position in that they will have access to information about the entire organization, its employees, and the business it conducts. It is not unreasonable that these personnel be subjected to security checks on their backgrounds and personal lives in a manner similar to that performed by government agencies. Criminal record checks would be a natural part of this as well; these employees would by necessity be bonded.
Management personnel further need to assess the requirements of the firm in relation to monitoring activities. The implementation of these technologies requires that entire new job categories be created as well as the granting of a large amount of corporate power to those in charge of the monitoring program. Risks need to be assessed, such as the potential threats incurred if a member of the monitoring staff should leave the firm or be offered a position with another competing firm. It is recommended that all members of the monitoring staff be required to sign a statement of nondisclosure as a condition of their employment with the firm.
Assessment also needs to be made with regard to the effect that monitoring will have on the performance of various types of employees within the corporate structure. It needs to be determined whether the very knowledge that an employee such as a sales representative is being monitored will have a detrimental effect on overall performance. It is possible that this type of employee can feel so intimidated by the implementation of monitoring practices as to be rendered ineffective in the performance of his or her job.
Another concern that management needs to consider is the effect on clients. Clients may often be in a position where they need to communicate their own corporate data to sales representatives or other personnel. The knowledge that these communications are being intercepted could affect the confidence these clients place in the firm. Clients who are entrusting their own corporate secrets, strategies, and plans to representatives of another firm may become less trusting or just take their business somewhere else. This event would have a detrimental effect on the firm and would be a good reason to limit the extent of monitoring. For this reason it is recommended that management carefully weigh the extent to which they plan to implement supervisory procedures.
Management further needs to consider countermeasures that may be undertaken by staff to thwart measures taken to monitor their behavior. These measures could include tactics such as the use of encryption in emails as well as the use of anonymizer services on the Internet. In this case loyal and trusted employees may place themselves in a position of distrust or suspicion. Further countermeasures taken by employees could include less use of email facilities and the refusal to store information on corporate computing systems.
Conclusions
Today's corporate environment is highly competitive. Information is very important to the survival of any business. Any effort directed toward the monitoring of employees is an attempt to gather information regarding the activities of those employees while they are at work. As such the privacy of these employees as well as the confidentiality of various corporate activities and plans is also at stake.
It can be concluded that every business needs to monitor employees to some extent. This can range from the case where all that is needed is to ensure that the employee is constructively occupied with useful work to the more serious case where it is necessary to safeguard against industrial espionage or other nefarious activities. As a result the monitoring or supervision practices implemented need to reflect the corporate goals and align themselves with the stated objects of implementing them in the first place.
It can further be concluded that supervisory tactics must be implemented in such a way as to reduce intimidation levels among staff members. This will help to reduce resistance levels as well as make it easier to implement the procedures. This can primarily be accomplished through the education of employees and staff members as to the purpose and the limitations of the procedures being implemented. It can further be concluded that by reducing anxiety among staff and other employees they will not only cooperate with the implementation of the new system, but also that they will help to ensure that it is a success.
In closing, it should suffice to say that management has a legitimate need to monitor the activities of those in its employ. The threat from directions such as industrial espionage, legal exposure, and non-productive employees is a serious one and is not to be taken lightly. Therefore it is a requirement of business that some form of monitoring be implemented. Dependent upon the methods used this should help to keep the firm safe from internal and external threats, as well as aid in the maintenance of maximum productivity.
Annotated Bibliography
Abrams, H. (1999) Decrypting the internet. London: International Tax Review.
A paper that deals with e-mail privacy or the lack of it, the main thrust here is that e-mail can easily be read by a third party. Our society is highly dependent upon e-mail as a foundational means of communication for trade and for e-commerce. As a result, it is very important for corporations and individuals to maintain the confidentiality of their communications. A close look is taken at encryption.
Boston Sheraton Settles Employee Spying Case
http://jobsearchtech.about.com/business/jobsearchtech/gi/dynamic/offsite.htm?site=http://aclu.org/news/n011298c.html
Downloaded from the World Wide Web November 15, 1999
This web site details the fact that the Boston Sheraton was forced to pay damages after placing a camera in an employee dressing room. The camera was placed because of rumours of drug use in the dressing room.
British Columbia Frequency List. (1992)
Vancouver, BC: J&M Communications Ltd.
This publication is primarily a listing of radio frequency usage in the province of British Columbia. It lists information such as business name, location, and radio frequency used. On page one there is a short section dealing with the legalities of electronic eavesdropping.
Canavan, J. (1998) Information privacy: It's your business. Dedham: Telecommunications.
It is required that institutions disclose their data collection and storage purposes. Adequate measures must be taken to ensure confidentiality and accuracy of communications data. Users must be informed as to the privacy implications of new telecom technology and services.
Can the Administration read your e-mail? University of Victoria Faculty association Newsletter.
The British Columbia Privacy Commissioner rules that it is legal for an institution to read the e-mail of employees. Employers have a legal right to monitor the activities of employees. Employers are encouraged to inform employees as to e-mail monitoring policies. The paper states that e-mail privacy is a labour relations matter.
Edwards, P. & Broadwell, B. (1982) Data Processing: Computers in Action, Second Edition. Belmont, California: Wadsworth Publishing Company.
This work is a survey of the computing field as it existed in the late 1970s and early 1980s. Excellent chapters on privacy and security: There are sections dealing with the definition of privacy and how privacy is threatened. Issues such as merging data banks, the growing amount of data being collected. Privacy laws, business self-regulation, and privacy publications are discussed. An excellent example is provided of how a national data bank can be used to provide a daily surveillance sheet on an individual detailing that person's electronic trail for the day. This book can be considered a main source in this report.
Harrison, A. (1999) Companies can monitor attack data now. Framingham: Computerworld.
This article discusses some of the ramifications of the Federal Intrusion Detection Network (FIDNET). FIDNET is designed to monitor patterns of suspicious behaviour on computer networks. This system will allow the federal government and the private sector to exchange data on the activities of people who use associated networks.
Machlis, S & Jacobs, A. (1999) Intel turns off serial ID feature--but not critics' wrath. Framingham: Computerworld.
Because of public pressure over security issues, Intel has decided to ship Pentium 3 processors with the serial identification feature in the off configuration. A boycott of Intel products has been called for by the Electronic Privacy Information centre.
Frenzel, Carroll W. (1999) Management of Information Technology. Cambridge, MA: Course Technology.
This work deals with many issues of modern management in the computer age. It was used to help determine ethical and other attitudes in relation to this report.
Robertson, L. & Unger, R. (1997) Reducing risky e-mail: There is no such thing as e-mail privacy. Chicago: SRA Journal.
Our society has traditionally considered the written word to be subject to various privacy considerations. These do not apply in a corporate setting. The law allows employers to read employees' e-mail. Privacy issues are identified. Liability issues are also considered as are remedies.
Watt, D & Fuerst, M (1994) Tremeer's Criminal Code
Barrie Ontario, Canada : Carswell
The Criminal Code of Canada details Canadian law and the statutes contained therein. Used as a source of information for the legalities of intercepting communications.
Vincent, L. (1999) Profiting from privacy. Washington: Bank Marketing.
This paper deals with the use of privacy rules as a marketing tactic. The concept is introduced here that a company, in this case banks, can differentiate by selling itself on its data policies. The public is becoming more aware of data privacy issues. As a result a niche market exists. Public desires regarding data usage policies are discussed, as are corporate attitudes.
Wilson, T. (1997) E-Mail Eavesdropping -- New regulations, software enforces content restrictions. Manhasset: Internetweek.
Institutions own the email that travels over their networks. This means that they have the right to read email messages on those systems regardless of the source or recipient. This can be done for purposes of employee monitoring, as well as, to regulate the content of web traffic so as to limit susceptibility to litigation. New federal regulations in the United States dictate that securities and exchange companies and stockbrokers. The purpose of this is to help detect various crimes like insider trading.