MAY 1999
Viruses Aren’t Your Only Internet Concern
MELISSA,
THAT RECENT COMPUTER VIRUS, helped remind everyone that the
Internet can be both treasure chest and Pandora’s box
– full of all kinds of surprises.
While
various laws prohibit electronic malfeasance, ranging from
unauthorized computer access (or "hacking") to the
distribution of child pornography, the Internet is a largely
unregulated medium. Using your company’s Web server
and E-mail system, employees can engage in all sorts of activities
– some legal and some not, some meritorious and some
downright embarrassing.
Over
the course of a week, for example, it is entirely conceivable
that all or some of the following kinds of electronic transactions
may be occurring at your facility:
- Terry
E-mails his boss’s boss about a product safety problem
he thinks may be looming on the horizon, not realizing that
his E-mail can later be subpoenaed by the government.
- Sam
receives what he believes to be a hilarious racist joke,
which he forwards to a "buddy list" of acquaintances
inside and outside the company.
- Phyllis
takes what she believes to be a particularly obtuse memo
from Personnel and E-mails it to Scott Adams, creator of
Dilbert.
- Alice
decides to auction off her daughter’s collection of
Beanie Babies, using her corporate E-mail address.
- Todd,
concerned about a competitor’s recent string of product
introductions, decides to see if he can break into restricted
portions of the competitor’s Web site.
- And
Bill fires off an E-mail letter to a trade publication,
accusing the editor of being a shill for the industry, especially
on stories concerning pollution control.
These
are not manufactured examples. Only last month, Raytheon Corp.
went to court to learn the identities of employees who were
using a public chat room to complain about the CEO, the company’s
stock price and merger-and-acquisition plans. The employees,
who used such aliases as "Rayman" and "Raytheon
Veteran," never dreamed that America Online could be
compelled by subpoena to reveal their true identities.
Let Your Employees Know the Rules
There’s
an old saying that locks don’t stop determined thieves
– but they do help honest people stay that way.
While
companies publish all sorts of handbooks governing employee
conduct, few of these today cover employee conduct on the
Internet. If your company has no "locks" on electronic
behavior, the honest employee may appreciate knowing what’s
permitted and what’s not.
What,
however, constitutes an effective Internet policy?
Certainly,
the Internet has become an important business tool, speeding
up all sorts of communications and exponentially increasing
the availability and flow of information. Taking away an employee’s
computer or restricting its hours of use is more than likely
counter-productive. Alternatively, one could decree that computers
are to be used strictly for business purposes – but
the amount of surveillance required to enforce such a policy
also would be counter-productive.
A better
approach may be to provide Internet access for business purposes
while condoning occasional personal use. That is what most
companies do with long-distance telephone calling, whether
they realize it or not. In the long run, it is cheaper and
more productive to permit the occasional personal call than
to force the employee to leave the office and find a pay phone.
You have
the right to monitor communications at your place of business,
including E-mail and other computer transmissions. If you
plan to monitor these communications (most likely on a spot-check
basis), inform employees of your intent and warn them that
abuse of privileges may lead to their rescission. Explain
that it’s one thing to check the weather forecast on
AOL and quite another to spend three hours in a chat room
grousing about the boss.
Getting Specific About What’s Forbidden
While
the incidental-use doctrine is helpful in establishing an
enlightened approach to employee time online, it does not
go far enough in clarifying what your company regards as serious
breaches of acceptable conduct.
Accordingly,
here is a list of specific acts you may want to prohibit when
company computers are used:
- Disseminating
trade secrets or confidential records and correspondence
to unauthorized persons, inside or outside the company.
- Making
disparaging statements about the employees, customers, products,
performance and plans of either your company or its competitors.
- Making
libelous or slanderous statements about any individuals
or groups.
- Making
comments that violate employment discrimination or sexual
harassment laws.
- Selling
personal goods or services.
- Receiving
or disseminating illegal materials.
- Receiving
or disseminating pornographic materials, whether illegal
or not.
- Duplicating
copyrighted literature and software.
- Threatening
anyone.
- Gaining,
or trying to gain, illegal/unauthorized access to computer
networks, databases and Web sites ("hacking").
- Committing
any other illegal act.
Just
as your existing employee handbook establishes grounds for
discipline or dismissal when non-electronic offenses occur,
inform your workforce that the kinds of electronic violations
above are equally serious and equally subject to discipline
or dismissal.
"AOL" Doesn’t Stand for Anonymity Online
The final
step in developing an effective Internet policy is to educate
employees about the false sense of anonymity they may feel
online. Virtually every online communication creates an electronic
trail, or footprint, that can trace the message or transaction
back to the sender’s computer. This trail may be visible,
as in the case of an E-mail header, or invisible, as
in the case of a chat-room transmission. In either case, it
is nonetheless "there." (It took less than a week
for experts to trace the Melissa virus back to its alleged
creator.)
Similarly,
much of what is created in a computer remains in the computer,
long after it may have been deleted from accessible files.
These days, the discovery process in complex corporate litigation
– such as an antitrust case – may include a search
of hidden computer records. Lo and behold, an incriminating
E-mail that was deleted years ago comes miraculously back
to life.
In short,
anonymity on or off the Net does not exist – and that
is a sobering thought for most computer users.
Moreover,
employees everywhere want to know the rules of the game. Once
they are informed that Internet usage is subject to the same
principles of conduct and common sense governing the rest
of their business activities, the vast majority will use their
computers with similar care. While no policy will eliminate
all non-business usage of company computers, it will greatly
reduce the risk to your company of ill-advised – if
not illegal – computer transmissions.