boss-spying-on-you

It’s possible that someone has been reading your e-mails, listening to your phone calls, and tracking your Internet use. No, it’s not a foreign spy. It’s not even your ex—it’s your employer. And she doesn’t even need to tell you she’s doing it.

Employers can legally monitor their workers however they want. They can log and review all computer activity as long as they own the machines. The most popular method of keeping tabs on employees is to track Internet use: A whopping 66 percent of companies monitor employee Internet activity, according to a survey released in February by the American Management Association and the ePolicy Institute. What are they looking for? Frequent visits to sexually explicit sites, game sites, and social-networking sites like Facebook on company time. Almost a third of those who said they monitor their employees have fired someone for inappropriate Web surfing.

Some companies monitor employees—tracking keystrokes, reviewing computer files, and reading e-mail—to ensure they’re staying loyal. Press leaks of confidential information and trade secrets are of legitimate concern to employers, and many will go to great lengths to make sure that their employees aren’t using company computers to pass on information to outside sources.

How They Do It

Most employers who monitor their workers use software loaded directly onto the workstations. Some applications are meant to monitor the Internet traffic of entire enterprises. There is no shortage of such software available for purchase by both companies and individuals. Programs like  can keep detailed logs of keystrokes and SMTP and POP sessions, screenshots, instant messages, and URLs visited on individual computers. some keylogger software can also be programmed to inform users at start-up that their computers are being monitored—a handy tool that can keep an employer in the legal clear.

Employee monitoring is, for the most part, completely legal. Only two states—Delaware and Connecticut—require employers to notify employees of monitoring. But most employers do (and should) make a point of alerting employees to surveillance, in order to avoid the fuzzy legal and ethical boundaries surrounding electronic privacy in the workplace. Of those surveyed who monitor their employees, 83 percent said they inform them that they’re doing it.

But not every company informs employees of its actions when it should, which can lead to serious trouble. Case in point: Hewlett-Packard. In 2006, HP hired private investigators to help find the source of information leaks. They used slimy—but legal—tactics such as digging through trash, sending fake e-mails loaded with hidden tracking software, and tailing journalists who were communicating with HP employees. They crossed the legal line when they used pretexting, or posing as someone else in order to get phone records. The chairman of HP and half a dozen board members resigned or were fired as a result, and the entire debacle shed new light on the possibilities of employee monitoring in the digital age.

E-mail monitoring can be particularly tricky. Employers can look through old e-mail, but monitoring e-mails in real time as they come in and out is still a gray legal area. An employer may intercept communications where there is actual or implied employee consent. Implied consent has been found where the employer simply gave notice of the monitoring. The only area that is definitely off-limits is employees’ personal laptops and hard drives.

How Do You Know?

If you’re using a company-owned computer, it’s probably a good idea to assume your activity is being monitored. And unless you’re using encrypted e-mail, you should try to avoid using your work e-mail address for personal correspondence. If that’s not realistic, then a good rule of thumb is to read every e-mail before you send it, and think about how your boss might react if he or she were reading it.

In most cases you can detect monitoring software the same way as other spyware. Any application firewall, such as Norton or McAfee, should be able to find unauthorized applications on your computer. Of course, in the case of monitoring by your employer, it’s likely that IT installed the monitoring app and has therefore set up rules to allow the application to work with your firewall while remaining invisible in the background.

Some antispyware programs can detect and even remove keyloggers. If you install a program like , you’ll probably be able to figure out whether you’re being monitored.

If a spyware scan isn’t revealing anything and you’re still apprehensive, you can check for any suspicious processes that are running. It’s hard to weed out the normal processes from the foreign ones, however, unless the invasive program creates an obvious folder or process (YouAreBeingWatched.exe). And some monitoring software, uses rootkit techniques, so you can’t even see its processes or files. Hit Ctrl-Alt-Delete and go to the Task Manager to see a list of processes running on your workstation. You may get lucky if you’re really familiar with your computer’s processes, or if the program really does use an obvious name (some programs do).

Of course, the easiest way to find out whether you’re being monitored is just to ask your employers. Ethical considerations will most likely push them to tell you the truth, and they probably know that if they lie it could be grounds for legal trouble later on. The responsible employer should create an Acceptable Use Policy to make what is appropriate in the workplace completely clear. But if you think you’re being watched (and you’re pretty sure it’s not the CIA or your ex), try a standard spyware detection program or monitor your computer’s processes.

If you do find you’re being monitored, depending on the circumstances, you might be able to take legal action against your employer. The only legal limit on workplace surveillance comes in the form of the ECPA (the Electronic Communications Privacy Act, passed in 1986), which prohibits employers from deliberately eavesdropping on personal conversations. The ECPA does not protect any kind of communication except the spoken word, though, so your every action while at work, including personal e-mails, is most likely subject to review by your employer. You might not be able to take your employer to court for watching you at work, but at least you’ll know to quit spending so much time playing on the company dime.