Computerworld - I have been asked to investigate an employee who may be violating agency policy regarding computing resources. That sounds straightforward, but this situation has put into sharp relief the difficulty we have in a state agency when it comes to monitoring employees.
I worked for years in the private sector, where things were cut and dried. If IT security got a request from personnel to investigate an employee’s in-house activities, we would do our thing and gather reams of data that we could turn over to personnel. Usually, the employee ended up being escorted from the building shortly thereafter.
We had the tools. We knew what we were doing. We had no hesitation, because we were not violating anyone’s privacy and our job was to protect the company. All employees signed an acceptable-use policy when they were hired, and it was spelled out to them that they would be monitored. Everything was crystal clear.
In the public sector, it sometimes seems as if employees have more rights than is appropriate. They are so protected by state law that management often has its hands tied when confronted with misconduct. Most state agencies do not implement Web filtering or monitor employees’ online behavior. Exceptions exist among agencies that protect the public, like fire and police, but most state agencies seem to assume that employees are on their best behavior. It’s like “don’t ask, don’t tell” for bureaucrats.
So, what can a government entity do when suspicion arises that an employee is misusing network computing resources? In a way, we are put in the position of having to hope for the worst. If someone was suspected of doing something that is patently illegal, such as downloading child pornography, he would be open to criminal investigation. Law enforcement -- in the form of the police, the FBI or the attorney general’s office -- would have to be called in.
But what about an employee who spends work time trading on eBay, chatting via instant messaging, sending and reading personal e-mail or browsing the Internet for hours at a time? What can you do, as a public-sector supervisor, when you suspect that an employee is wasting time with such activities, when the only evidence you have is that he always quickly hides a window on his monitor when you approach? If you don’t have the right to deploy monitoring tools, all you’ve got is suspicion and no hard data to back it up. Without the proper tools, we can’t preserve the chain of evidence in a security investigation.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
