**NOTE TO READERS**

If you reached this Web page after clicking on a "Privacy Alert" pop-up advertisement, please read the following:

This is not a Wired News ad. The Wired News content and link displayed in the "Privacy Alert" pop-up advertisement are being used without the permission of Wired News and its parent company, TerraLycos. We are trying to locate the company responsible for running the ad so that we can delete any references to Wired News.

Unfortunately, we do not know how to remove the ad from your computer if you have downloaded it. However, we share with your frustration in dealing with insidious third-party advertising efforts like this one.

-The Wired News Editorial Team

If you feel your privacy at work has been eroding lately, it's probably more than just your imagination. Experts say companies are under increasing pressure to monitor employees electronically, and workers should assume they are being watched.

Concerns about liability in harassment suits, skyrocketing losses from employee theft, and productivity losses from employees shopping or peeping at porn from their cubicles have led to an explosion in the number of companies conducting some form of electronic monitoring on their employees.

Over the past year, the battle of security vs. privacy in the workplace has been heating up.

A study (PDF file) published in April 2000 by the American Management Association pushed the issue into the headlines last spring. The study found the number of companies conducting some form of "active monitoring" of their employees had jumped from 45 percent in 1998 to 74 percent in 1999. E-mail monitoring rose from 27 to 38 percent over the same period.

International Data Corporation (IDC) estimates that corporations worldwide spent $62 million on Internet filtering and monitoring software in 1999. An IDC study predicts that figure will rise to $561 million by 2005.

New products such as Raytheon's SilentRunner allow companies to monitor absolutely everything passing over their network, from e-mails to instant messages, in any language without the end user's knowledge.

In response to rising concerns over increased employee monitoring, Congress considered legislation last year requiring companies to notify employees if they are being watched. The bill, called the Notice of Electronic Monitoring Act (NEMA), died in committee but is expected to be reintroduced this year.

California Governor Gray Davis vetoed similar state legislation twice. Only Connecticut currently requires employers to notify their workers of monitoring.

According to Michael Overly, partner in the Internet law group at Foley & Lardner and author of E-Policy: How To Develop Computer, E-Policy, and Internet Guidelines to Protect Your Company and Its Assets, a worker's right to privacy is technically protected under state law, but there's a catch.

"All states have a right to privacy based on a 'reasonable expectation of privacy,'" Overly said. "But the courts have said that if there is a written policy notifying employees of monitoring, there is no expectation of privacy."

This means that if an employee is led to expect something is private, such as e-mail communications, then that privacy cannot be violated. But, if the company informs its employees that, for example, e-mail sent over the company's network is monitored, then the employee can no longer claim an "expectation of privacy." In short, once the company stakes its claim over its cyber-dominion, its employees have no right to privacy there.

"I tell employees that if they want to have a truly private communications, don't have them from work," Shanti Atkins said.

Atkins heads content development for Employment Law Learning Technologies, a consulting firm that helps corporations create privacy policies that reduce their risk of getting sued for invading their employees privacy, or, on the other hand, for not doing enough to protect them from harassment.

Corporations are really in a bind, Atkins said. They can be sued either for violating an employee's privacy by exercising too much control over electronic communication or Internet use, but also for not exercising enough control and allowing workers to be subjected to harassment.

Atkins said the key for successfully managing the balancing act between privacy and security is for firms to make clear to their employees that their privacy at work is limited.

"Lowering expectation of privacy is the No. 1 thing they can do to protect themselves from privacy litigation," she said. "It's not really about Big Brother watching. We've seen e-mail evidence becoming hot evidence in harassment suits, and employers have a duty to be sure harassment isn't being propagated."

While acknowledging that the risks of liability facing employers are real, Deborah Pierce, a privacy attorney for the Electronic Frontier Foundation, cautioned employers against using security and liability concerns as an excuse to subject their employees to demeaning levels of surveillance.

"By constantly monitoring, what kind of an environment are you creating there? Companies need to weigh that in their equation," she said. "It boils down to human dignity. People just don't want to be watched all the time, and happy workers are productive workers," she said.

But workers may also have to pay a price to maintain the right to anonymous e-mail. Overly said harassment of corporations and individual employees in the workplace from anonymous e-mail accounts is a growing problem without a clear solution.

"One disgruntled employee can cause harm to a huge corporation with one free e-mail account," he said.

He cited one case at a manufacturing facility in the Midwest where every single female employee received threatening e-mails through an anonymous account. The messages were disturbing enough – "I'm gonna get you when you walk to your car," etc. – to throw the whole factory into turmoil.

A company's good name is easy prey as well. Overly estimates his office receives three calls a week from companies that have been victimized by anonymous e-mail communications. A typical tactic involves doctoring an abusive message to make it appear as though it was sent by the company, then sending it out to thousands as spam.

"There's nothing like getting a call from an executive saying they're getting 50 complaints an hour from people who have received a fraudulent harassment e-mail and having to tell them there is nothing they can do to stop it," he said. "That's what has so many people upset."

There is something companies can do: tighten control over what is sent and received over e-mail. If a corporation's own e-mail can be submitted as evidence in harassment cases against them, it has an incentive – some say even a legal obligation – to keep tabs on what their employees are writing and receiving through e-mail.

Two recent Supreme Court decisions found that once a case of harassment comes to an employer's attention, the company has to try to stop the abuse and work to make sure it doesn't happen again. Otherwise, the company can be held liable.

"The decision essentially says that an employer may have a defense (against a harassment suit) if it can establish it used reasonable care to prevent what happened and acted promptly to remedy the situation," Overly said.

This burden accounts for part of the explosive rise in the use of filtering and monitoring software, he said. The latest trend is to implement software that will stop potentially abusive e-mail messages before the damage is done.

"If you look at every single harassment case, it involves a supervisor harassing an employee. It's hard for the employee to go over their head." Microsoft, he said, is developing a product that an employer can use to block messages with content the company deems offensive from ever reaching its employees.

Brian Burke, who analyzes the filtering market for IDC, sees similar corporate concern over workplace use of the Internet. This has motivated companies to move away from simply filtering Net content and toward what IDC calls Employee Internet Management (EIM).

Filtering is "negative," Burke said, meaning it allows everything through except for sites on the filter's block list. But the pace at which new websites are created means that filtering programs demand constant updating. Burke sees the trend moving away from this method of controlling access and toward a more "positive" model.

While "positive" access control sounds good, what it means, essentially, is telling employees which sites they can visit – with access blocked to all others. This is opposed to allowing nearly unlimited Internet access with only pornography or other particular sites blocked. In short, if Burke is right, EIM is another sign of reduced electronic freedom at work.

The overall message to employers from ELT's Atkins is cautionary: "This tech revolution has opened a can of worms, and you better be careful."

If the explosion in monitoring is any indication, employers are getting the message. Workers sending personal e-mail or surfing the day away may be wise to heed the same advice.