Snooping E-Mail by Software Is Now a Workplace Norm

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
March 9, 2005
Snooping E-Mail by Software Is Now a Workplace Norm

It still isn't known how the e-mail that cost Harry Stonecipher his job
as chief executive at Boeing Co. was intercepted or by whom. Boeing
directors ousted the CEO earlier this week after they learned about an
e-mail he had sent to a female employee with whom he was having an

But what every employee ought to realize by now is how completely
nonprivate their office e-mail is. In a recent survey of 840 U.S.
companies by the American Management Association, 60% said they now use
some type of software to monitor their employees' incoming and outgoing
e-mail, up from 47% in 2001. Other workplace privacy experts place the
current percentage even higher.

And in most states, companies don't have to tell employees their e-mail
is being monitored. Only Connecticut and Delaware have laws requiring
companies to notify employees, says Jeremy Gruber, legal director at
the National Workrights Institute, a Princeton, N.J., workplace privacy
advocacy organization.

Elsewhere, companies are free to monitor at will all e-mail sent and
received using company equipment or company e-mail accounts, says Mr.
Gruber, adding that he doesn't know of a single case where an employee
has successfully challenged workplace e-mail monitoring.

As an employee, "you have no rights whatsoever," says Mr. Gruber,
adding he doesn't know of a single case where an employee has
successfully challenged punishment received as a result of workplace
e-mail monitoring.

There is slightly less attention paid to internal e-mail. Only 27% of
employers use technology to monitor internal e-mail conversations
between employees, up from 19% in 2003, according to the American
Management Association.

The discrepancy reflects companies' overriding concern that sensitive
information will seep out to the world through e-mail, even though the
most potentially embarrassing or legally damaging e-mails tend to be
those sent from one employee to another, says Nancy Flynn, director of
the ePolicy Institute, a consulting firm that conducted the survey with
the American Management Association. "Internal communications are where
employees are most likely to play it fast-and-loose with language," Ms.
Flynn says. "That's the e-mail most likely to get employees into

E-mail-scanning software has become increasingly sophisticated in
recent years. In the past, the software would typically check e-mail
messages against a list of keywords, such as profanity. Now, such
programs can be customized for each company, and often look out for the
name of a company CEO, competitors or product code names, in addition
to inappropriate language, including profanity and sexual terms. The
systems can also track if an employee is copying or deleting files --
or not doing much at all.

Companies can also customize monitoring systems to flag
industry-specific words or phrases that might pose ethical problems:
Financial-services firms might search for words like "promise,"
"guarantee," or "high yield," while a health-care company would watch
for terms like "patient info" or "client file," says Richard Eaton,
chief of TrueActive Software Inc., of Kennewick, Wash. The company's
software can track every keystroke, file-download and Internet page
that appears on an employee's computer screen. Its customer base of
80,000 employers has more than doubled from roughly 30,000 four years

Increasingly sophisticated monitoring systems now frequently use long
lists of terms and evaluate the context in which words appear. "The
days of simple key-word searching have really long gone," says Stephen
Purdham, chief executive officer of SurfControl. The Scotts Valley,
Calif., company has about 14 ready-made lists of hundreds of words
tailored to specific industries that it provides customers. In many
cases, companies are on the lookout for slang terms specific to certain
countries, he says.

One prominent software supplier is MessageGate -- which was started up
by Boeing and was spun off as a stand-alone company since 2003. Boeing
still uses MessageGate, says Bill Bunker, vice president of marketing
at MessageGate, based in Seattle. He declined to say whether
MessageGate software was involved in the discovery of Mr. Stonecipher's
e-mails. Other MessageGate customers include Lockheed Martin and
Tribune Co., Mr. Bunker says.

In addition to software, companies increasingly are hiring staffers to
read individual outgoing e-mail messages, says Jonathan Penn, an
analyst at Forrester Research. Of the companies that already use
software to scan e-mails, 31% also have hired employees to physically
monitor e-mails, according to a study the firm conducted last year. The
practice was especially common at companies with more than 20,000
employees, Mr. Penn says.

Webcor Builders, a San Mateo, Calif., construction company, put in
scanning tools by KVS Inc., MessageLabs and FrontBridge Technologies
Inc. several years ago. The programs can search by keywords, as well as
by word patterns and competitors' names, says Gregg Davis, Webcor's
chief information officer. He says Webcor began using the tools to help
it comply with project audits and to keep a record of e-mails for legal
matters. Occasionally, though, the tools are used for other reasons
similar to what occurred at Boeing, says Mr. Davis.

"Sometimes we have internal investigations, and we're asked to look
into allegations," he says. So the software helps the
information-technology department dig up e-mails for those purposes.

Some employees have complained that such tools are invasive, Mr. Davis
says. But when employees join the company, they sign a detailed
document that notes that work e-mail is used for work purposes only.
"Sometimes people forget that," he says.

Recently, Webcor ramped up the amount of monitoring it does. In
addition to e-mail, it now also monitors employees' instant messages,
as well as blog sites, says Mr. Davis. "A lot of this is related to
keeping a competitive advantage. We want to make sure proprietary
information doesn't get into the wrong hands," he says. But Mr. Davis
concedes that the area is "a moving target. There's a fine line between
your privacy and a company's ability to do business."

With companies so clearly concerned about what employees are saying in
e-mail, the market for scanning software is taking off. Forrester
Research says the industry is growing at a rate of about 30% a year,
hitting $250 million to $300 million today. Part of the growth is
driven by companies' desire to weed out inappropriate content, says Mr.
Penn. But increasingly, companies also are using software to make sure
e-mails are compliant with corporate governance and regulatory demands,
such as Sarbanes-Oxley.

Mr. Stonecipher isn't the first CEO to make an embarrassing e-mail
gaffe. Consider Neal Patterson, the chief executive of medical software
maker Cerner Corp. of Kansas City, Mo. In 2001, Mr. Patterson fired off
a message to senior managers at the company, berating them for their
work habits, Ms. Flynn notes. "The parking lot is sparsely used at 8
a.m.; likewise at 5 p.m.," Mr. Patterson wrote in the e-mail. "As
managers -- you either do not know what your EMPLOYEES are doing; or
YOU do not CARE. ... You have a problem and you will fix it or I will
replace you. ... What you are doing, as managers, with this company
makes me SICK."

The e-mail promptly leaked out onto the Web. Two weeks after Mr.
Patterson sent the message, Cerner stock lost more than a quarter of
its value after investors became concerned about the company's
prospects and employee morale. Mr. Patterson has remained at the helm,
however, and is still CEO of the company today. Through a Cerner
spokeswoman, Mr. Patterson says he sent the e-mail to people he knew
and didn't realize it would get passed around. The spokeswoman says Mr.
Patterson still jokes that his e-mail is used in college courses around
the world as an example of how not to manage.


Many words that raise red flags in company emails aren't printable.
Some that are:

Sure thing
Easy money
Patient record
Client file

Source: TrueActive Software

Re: Snooping E-Mail by Software Is Now a Workplace Norm

} But what every employee ought to realize by now is how completely
} nonprivate their office e-mail is. ...

Notice that this sidesteps the fact that *EVERYTHING* is "nonprivate" in an
office -- letters you send can/should be filed [if not reviewed before
being sent].  Incoming mail at many companies is routinely opened in the
mail room to ensure that it is routed to the proper work area [and often
filed, dated, and logged].  I don't know where folk get the idea the their
role in a workplace is some sort of private enclave, rather than their
acting in a specific *function* for the company they're working for, and if
they disappear tomorrow, the name may change but the _function_ will

} Elsewhere, companies are free to monitor at will all e-mail sent and
} received using company equipment or company e-mail accounts, says Mr.
} Gruber, adding that he doesn't know of a single case where an employee
} has successfully challenged workplace e-mail monitoring.

I think that's right.  The company in general and the directors in
particular are almost certainly legally responsible for things that happen
in the company's name in the course of their doing business, and so I think
it'd be irresponsible *NOT* to make sure there are records of such things,
both incoming and outgoing...  [not to mention needing evidence if there
are allegations of sexual harassment or other improper behavior].

Bernie Cosell                     Fantasy Farm Fibers            Pearisburg, VA
    -->  Too many people, too few sheep  <--          

Re: Snooping E-Mail by Software Is Now a Workplace Norm

MrPepper11 wrote:

Quoted text here. Click to load it

Yes, this is true. As security professional I am required by my company to
monitor and report email that is questionable. I personally do not totally
agree but, it is my job. However, what surprises me, is how many people
abuse the system....

When you are work, you need to remember you are at work. Save the personal
stuff for when you go home...


Site Timeline